Create Custom Fingerprints Based on Destination Address


The ExtremeAnalytics feature uses fingerprints to identify which application a network traffic flow belongs to. A fingerprint is a description of a pattern of network traffic that can be used to identify an application. ExtremeCloud IQ Site Engine provides thousands of system fingerprints with the ExtremeAnalytics feature. In addition, you can create new custom fingerprints.

Creating Fingerprints Based on a Destination Address

Often, you will create a new custom fingerprint to cover a case where no appropriate fingerprint exists. However, you can also create a new fingerprint for traffic flows that are already identified as one application but should be categorized as something else.

For example, let's say you have a Git repository on your network. Git (a source code management system used in software development) repositories are frequently accessed via SSH on port 22 (the standard TCP port assigned for SSH traffic). In this case, the SSH traffic flows are identified using the system SSH port-based fingerprint.

But what if you would like to more closely monitor who is accessing the Git repository? If you know you are running the Git server on a certain system (10.20.117.102 port 22, for our example), you can create a custom fingerprint to identify the Git traffic flows.

The fingerprint is based on one of the SSH flows, uses the IP address/port of the Git server, and has a higher confidence than the system port-based fingerprint. The higher confidence fingerprint overrides the lower confidence fingerprint when determining a match for the traffic flow.

Use the following steps to create the fingerprint.

  1. Select the Analytics tab in ExtremeCloud IQ Site Engine.
  2. Select the Application Flows tab.
  3. In the table, right-click on an SSH port-based flow with the Git server destination address and select Fingerprints > Add Fingerprint.
  4. The Add Fingerprint window opens.

  5. Use the drop-down list to select matching on the Git server IP address and port.
  6. Set the Application Name to Git.
  7. Select an Application Group that makes the most sense for your network. It might be Web Collaboration, Databases, Business Applications, or Storage. You can also create a new Application Group by entering a new required value.
  8. Set the Confidence level to 60, which is higher than the confidence of the current fingerprint, which is set at 10.
  9. Select OK to create the fingerprint.
  10. Enforce to push the new fingerprint to your engines.
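
The override rule and the resulting "who is accessing the Git server" view can be modelled in a short Python sketch. This is an added example, not ExtremeAnalytics code: the `Fingerprint` class, the flow records and the client addresses are constructed for illustration, while the confidence values (10 and 60) and the Git server address are the ones used in the steps above.

```python
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Fingerprint:  # hypothetical model, not the product's data structure
    app: str
    confidence: int
    dst_port: int
    dst_ip: Optional[str] = None  # None means "match on port only"

    def matches(self, flow: dict) -> bool:
        if flow["dst_port"] != self.dst_port:
            return False
        return self.dst_ip is None or flow["dst_ip"] == self.dst_ip

# Values from the page: system SSH port-based fingerprint (confidence 10)
# and the custom Git fingerprint for 10.20.117.102 port 22 (confidence 60).
FINGERPRINTS = [
    Fingerprint("SSH", 10, 22),
    Fingerprint("Git", 60, 22, "10.20.117.102"),
]

# Constructed sample flows; the client addresses are made up.
FLOWS = [
    {"src_ip": "10.20.30.11", "dst_ip": "10.20.117.102", "dst_port": 22},
    {"src_ip": "10.20.30.12", "dst_ip": "10.20.117.102", "dst_port": 22},
    {"src_ip": "10.20.30.11", "dst_ip": "10.20.117.50", "dst_port": 22},
    {"src_ip": "10.20.30.11", "dst_ip": "10.20.117.102", "dst_port": 22},
    {"src_ip": "10.20.30.13", "dst_ip": "10.20.117.102", "dst_port": 443},
]

def classify(flow, fingerprints=FINGERPRINTS):
    """Return the app of the highest-confidence matching fingerprint, or None."""
    hits = [fp for fp in fingerprints if fp.matches(flow)]
    return max(hits, key=lambda fp: fp.confidence).app if hits else None

def clients_by_app(flows, app, fingerprints=FINGERPRINTS):
    """Count flows per client address among flows classified as `app`."""
    counts = defaultdict(int)
    for flow in flows:
        if classify(flow, fingerprints) == app:
            counts[flow["src_ip"]] += 1
    return dict(counts)

if __name__ == "__main__":
    for f in FLOWS:
        print(f["src_ip"], "->", f["dst_ip"], f["dst_port"], classify(f))
    print("Git clients:", clients_by_app(FLOWS, "Git"))
```

Because the custom fingerprint matches on destination address and port only, every SSH session to 10.20.117.102 port 22, including interactive logins to that host, is reported as Git.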
