Create Custom Fingerprints Based on Application or Application Group


The ExtremeAnalytics feature uses fingerprints to identify to which application a network traffic flow belongs. A fingerprint is a description of a pattern of network traffic which can be used to identify an application. ExtremeCloud IQ Site Engine provides thousands of system fingerprints with the ExtremeAnalytics feature. In addition, you can create new custom fingerprints.

Creating Fingerprints Based on an Application or Application Group

This example demonstrates how to create a fingerprint for some unclassified web traffic.

In the ExtremeCloud IQ Site Engine Application Flows table (with the Show Unclassified Web Traffic View selected), several flows for the "yahoo ads" application are part of the Web Applications group. The following instructions will enable you to create a fingerprint that provides an application and application group specifically for this traffic, instead of letting it default to the Web Applications group. The new fingerprint categorizes "yahoo ads" flows into the Yahoo Ads ld application and the Advertising application group.

Use the following steps to create the fingerprint.

  1. Select the Analytics tab in ExtremeCloud IQ Site Engine.
  2. Select the Application Flows tab.
  3. In the table, select the Show Unclassified Web Traffic View.
  4. Right-click on a flow with the yahoo ads application and select Fingerprints > Add Fingerprint.
  5. The Add Fingerprint window opens.

  6. Use the drop-down list to select matching the "yahoo ads" host.
  7. Set the Application Name to Yahoo Ads.
  8. Set the Application Group to Advertising.
  9. Set the Confidence level to 60 (the default). A fingerprint with a confidence higher than 60 can supersede this fingerprint, if it also matches the flow.
  10. Select OK to create the fingerprint.
  11. Enforce to push the new fingerprint to your engines.

For information on related help topics: