Define remote network sensors and subnets

This topic describes how to configure Remote Application Discovery Network Sensors and subnets, to define which traffic is collected.

Local Application Discovery Network Sensors and AAD Log Sensors are set up automatically.

Define a Remote Application Discovery network sensor

This procedure describes how to define an Application Discovery sensor to discover your traffic.

Note: We recommend using the default sensor installed together with the Application Discovery server. Depending on your system configuration, you may need additional sensors. For more details, see Deploy Application Discovery.

Do the following:

  1. In Application Discovery, click the Sensors tab, and click New.

  2. In the Define new sensor dialog, define your sensor as follows:

    Host Name

    Enter the sensor host name or IP address.

    Sensor Name

    Enter a display name for your sensor.

    Network Sensor Port

    If you are using a port other than the default port configured, enter the port number.

    The default port is 9545.

    Use SSL

    Select to enable SSL-encrypted communication between the Application Discovery server and sensor.

    Note: This is relevant only if you have additional sensors installed separately. If selected, you must additionally configure SSL-encrypted communication on the sensor.

  3. (Optional) Enable Sampling Mode for your sensor.

    This configures your sensor to capture only a sample of the traffic detected and can reduce pressure on the sensor.

    Note: Enabling Sampling Mode also disables SSL certificate collection and IP flow collection, and may affect the detection of HTTP titles.

    1. Open the /opt/autodiscovery/networksensor/NetworkSensor.cfg sensor configuration file.
    2. In the NetworkSensor.cfg file, locate the capture_sampling_rate parameter.

      Define the value as <x>, where the sensor analyzes 1 out of every <x> packets.

Configure an Application Discovery subnet

Configure an Application Discovery subnet to ignore irrelevant endpoints/traffic and enable your system to focus on relevant data only.

By default, sensors only discover traffic that resides in the common internal networks, such as 192.168.x.x.

Note: Each time a new local network sensor is defined, the subnet that it belongs to is added to the list of subnets.

In this case, the subnet name will include the location (IP address) of the network sensor.

Do the following:

  1. In Application Discovery, select Configuration > Subnet Management > Subnets.

  2. On the Subnets page, do one of the following:

    Add a new subnet

    Click New. In the Create or Edit Subnet dialog, enter the subnet values as needed.

    Edit or delete an existing subnet

    Click Edit or Delete in the row of the relevant subnet.

    Delete multiple subnets

    Select the subnets you want to delete and click Delete.

    Subnet fields include the following:

    Name

    Enter the subnet name.

    Subnet (CIDR)

    Enter the subnet mask in CIDR format.

    Inspect Traffic

    Select to enable traffic inspection. This includes HTTP transaction (URL) discovery and DNS resolution for servers in the subnet.

    Clear this option to disable traffic inspection.

    Note: This option is only relevant when editing a subnet, not adding a new one.

    Group

    (Optional) Select a group for the subnet in the drop-down menu.
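
Because the subnet list decides which traffic is discovered, a mistyped CIDR value can leave endpoints out of scope or pull in ranges you did not intend. The following Python script is an added example, not part of Application Discovery: it checks a planned list of subnet entries for invalid values, host bits, overlaps and ranges outside RFC 1918 before you enter them in the Create or Edit Subnet dialog. The function names and sample entries are constructed for illustration, and treating RFC 1918 as the "common internal networks" is an assumption.

```python
import ipaddress

# RFC 1918 ranges; assumed here to be what "common internal networks" means.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def review_subnets(entries):
    """Check planned (name, cidr) entries; return (accepted, findings)."""
    accepted, findings = [], []
    for name, cidr in entries:
        try:
            iface = ipaddress.ip_interface(cidr.strip())
        except ValueError as exc:
            findings.append((name, "invalid", str(exc)))
            continue
        net = iface.network
        if "/" not in cidr:
            findings.append((name, "no-prefix", f"treated as single host {net}"))
        elif iface.ip != net.network_address:
            findings.append((name, "host-bits", f"{cidr} should be {net}"))
        if net.version == 4 and not any(net.subnet_of(r) for r in RFC1918):
            findings.append((name, "not-internal", f"{net} is outside RFC 1918"))
        for other_name, other in accepted:
            if net.version == other.version and net.overlaps(other):
                findings.append((name, "overlap", f"{net} overlaps {other_name}"))
        accepted.append((name, net))
    return accepted, findings

def matching_subnets(address, accepted):
    """Names of the subnets an endpoint address falls into."""
    ip = ipaddress.ip_address(address)
    return [n for n, net in accepted if ip.version == net.version and ip in net]

# Constructed sample entries (names and ranges are illustrative only).
PLANNED = [
    ("HQ servers", "192.168.10.0/24"),
    ("HQ database tier", "192.168.10.128/25"),  # sits inside HQ servers
    ("Branch office", "10.20.30.7/24"),         # host bits set
    ("DMZ", "203.0.113.0/24"),                  # not an RFC 1918 range
    ("Lab", "172.16.300.0/24"),                 # invalid octet
]

if __name__ == "__main__":
    accepted, findings = review_subnets(PLANNED)
    for name, kind, detail in findings:
        print(f"{name}: {kind}: {detail}")
    print(matching_subnets("192.168.10.200", accepted))
```

An endpoint that matches no subnet, or more than one, is worth resolving before the entries are saved.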