AlgoSec AutoDiscovery enables you to detect business service traffic from across your network and import them as business service flows into AppViz. AppViz organizes the business needs associated with specific traffic flows as business applications.
AutoDiscovery both collects user traffic logs from across your network, and maps the collected traffic to business services.
AutoDiscovery business services are organized into the following types:
|Map-based business services||
Map-based business services start with a server and port.
Traffic data from AutoDiscovery sensors provides data for all URLs and clients communicating with the server.
|Query-based business services||
Query-based business services start with the query on a server, or a server and port.
Queries discover the server's connection at a specific instance. These services are a snapshot of the service at the time it is created, and are not updated.
Note: Web-based business services (which start with a URL as the entry point) have been deprecated. Previously defined web-based business services continue to function, but new ones cannot be discovered.
This procedure provides steps for setting up an AutoDiscovery system for the first time after installing the AutoDiscovery server and sensors.
Note: AutoDiscovery is installed separately from ASMS. For details, see Install AutoDiscovery.
Do the following:
- Log in to AutoDiscovery. For details, see Log in to AutoDiscovery.
Define the AutoDiscovery sensors and subnets to manage the traffic detected by AutoDiscovery.
For details, see Define sensors and subnets.
Tip: Depending on your system configuration, you may want to install additional sensors instead of only using the default sensor installed with the AutoDiscovery server. If you install additional sensors, make sure to define them in AutoDiscovery before you continue.
For more details, see Install AutoDiscovery sensors.
Verify that NetFlow traffic flows successfully to the AutoDiscovery server via the sensor you defined.Configure NetFlow traffic flow to your sensor
Configure your NetFlow export device, such as VmWare or Cisco Nexux, to send NetFlow packets to the AutoDiscovery sensor IP address, on port 2055.
The following table lists the data that must be, or is recommended to be, included by the exporter in the NetFlow packets:
- Source VLAN
- NetFlow Version
- IPv4 Protocol
- IPv4 Source address
- IPv4 Destination address
- Source port
- Destination port
- Counter bytes
- Counter packets
- TCP flags
Create an AutoDiscovery business service to collect your traffic.
For details, see:
Switch to AppViz. Connect your AutoDiscovery server to AppViz and start importing your application flows into AppViz.
For more details, see:
For more details, see:
- Manage business services
- Export AutoDiscovery data
- Configure AutoDiscovery
- Troubleshoot AutoDiscovery
This procedure describes how to log in to AutoDiscovery.
Note: Before connecting to an AFA machine, ensure that you have the most recent version of AutoDiscovery installed, and your AFA machine is loaded with a license that also supports AutoDiscovery.
Do the following:
Navigate to https://[AutoDiscoveryServerIP]:9443.
A login page appears, similar to the ASMS login page.
Log in with your AutoDiscovery username and password.
Note: AutoDiscovery credentials may be different than your ASMS credentials.
The default credentials are administrator / admin.
The Welcome to AlgoSecAutoDiscovery page appears.
Click the AlgoSecAutoDiscovery Web Console link.First time logging in to AutoDiscovery
The first time that you log in to AutoDiscovery, you are prompted to connect to an AFA server, with the afa user pre-defined. For example:
Enter the following details, and click Login.
AlgoSec Firewall Analyzer host
The hostname or IP address of your AFA server.
Enter afa, which is the Linux password used to connect AutoDiscovery to AFA.
You are logged in and the Activity Dashboard appears. For example: