Managing Traffic Filters: Application Groups
You must have Root scope to use this feature.
Application groups are an efficient way to filter traffic. After you create application definitions, you can group them for more efficient use when configuring your sensors for metadata filtering. Stellar Cyber includes many groups already, such as advertising, cryptocurrency, and gaming. You can create custom groups from scratch, or use the existing groups as a basis for your new, custom groups.
The table in this pane operates the same as all other tables in Stellar Cyber. You can sort, add, edit, delete, and export the displayed list. The option to edit or delete is disabled for groups defined by Stellar Cyber.
To create or edit an Application filter:
- Click System | Collection | Traffic Filters. A panel for managing the traffic-based Application filters is displayed.
- Click the sub-tab for Application Group.
- Click Create to add a filter (the Add Traffic Application Group screen appears) or click the pencil button to edit a row.
- Enter a Name for the Application Group.
- Choose a Tenant. You can choose a specific tenant or All Tenants.
- (Optional) Copy From existing Application groups, if you want. For any group you specify here, the next step populates all the applications in that group so that you can customize it further. You can use this method, for example, to "clone" an existing Stellar Cyber application group and add or remove specific applications.
- Click Next. The List Definition tab appears. If you selected any Application Groups in the previous step, those are displayed in the Application List.
- To add applications to the group, click Applications. A new row appears; click in the field to display the application selection list.
- To delete an application from the group, click . The application is immediately deleted.
- Click Next. The Done tab appears.
- Review your new group.
- Click Submit. Your new custom application group is immediately created and the list is updated.
You can now use your application group as a filter in the metadata section of a sensor profile.