Business applications

In AppViz, an application is a business need that may require specific traffic flows to be allowed in your network security policy. Typically, an application is associated with the various user communities that use its services and manage the application.

View applications

From the AppViz main menu, click APPLICATIONS to search for and view the applications configured in AppViz.


The Applications menu appears on the left with details about the most recent application in the workspace.


The Applications menu appears on the left. Click an application name to view its details in the workspace.

Icons: Application names are preceded by icons for applications listed at left side of Application page and preceding application titles, indicating status as follows:

  • Colored boxes represent the current connectivity status of the application's flows:

    Note: If there is no connectivity information and both the Refresh Connectivity and Run Connectivity buttons are disabled, set the user property connectivity.scan.enable to true and check the value of the user property afa.tsq.custom_group.

    Allowed. The network security policy is configured to allow all of the application's connectivity requirements. Every flow in the application is allowed.

    Blocked. One or more of the application's flows are blocked or partially blocked.

    No connectivity information, Decommissioned or Pending Decommission.

  • Image icons indicate an application's revision status. Click the icon to select the revision you want to view.

    Draft revision

    Pending Implementation

About applications created in FireFlow

  • Applications from FireFlow are labeled with "FireFlow" as their origin.

  • Contact details are included prominently.

  • Flows follow a standardized naming convention indicating their FireFlow source in the following format: <incremental flow number>_<Change Request ID>_From_FireFlow

Enter text in the search bar to search for an application name. For more details, see Search for applications.

Tip: To return to the other areas available from the main menu, click the hamburger icon at the top left, and select the page you want to navigate to.

Search for applications

At the top left of the AppViz Applications area, enter text in the search bar at the top left to search for application names or tags.

  • To search for application names or tags only, click and select an option from the dropdown menu:

    Note: This search only returns current versions of your applications, and cannot access historical data.

Perform an advanced search

Under the Applications search bar, click Advanced Search to perform an advanced search for applications.


In the Advanced Search dialog, enter text in any of the fields to find matching applications.

Click Search to perform your search.

Advanced search fields include:

By Traffic

Enter details in any of the following fields:

  • Source. A server name or IP address for the traffic source you want to search for.

  • User. The username for the user of the traffic you want to search for.

  • Destination. A server name or IP address for the traffic destination you want to search for.

  • Network Application. A network application name for the traffic source you want to search for.

  • Service. A service name or definition of the service of the traffic you want to search for.

  • Click to add another traffic line to your search criteria.
  • Click to delete a traffic line.

Note: The User and Network Application fields appear only when user or application awareness is configured.

By Network Objects Enter the name of a network object.
By Devices Enter the name of a device.
By Risk Enter a risk code or title.
By Vulnerability Enter a CVE identifier or vulnerability description.
By Connectivity

Select one or more connectivity statuses for the application's flows.

Note: This search parameter is related to flow connectivity, not application connectivity.The results will include all applications with at least one flow with the specified connectivity.

By Status

Select one or more revision statuses.
By tag Enter a tag name.
By Projects

Enter a project name.
By Custom Field

Enter a custom field name and value.

  • Click to add another custom field line.
  • Click to delete a custom field line.
By Expiration Date Enter a range of application expiration dates.

  1. Click Network object lookup below the desired field.

    The Network Object Lookup wizard appears.

    Note: If device objects with the same name (but different content) appear, the device on which the object is defined is indicated.

  2. To search for network objects, use the Auto-Search. For details, see Advanced search wizard auto search.

  3. To filter the results by object type, click one or more of the Show buttons.
    • The first Show button you click causes all other buttons to become disabled (and consequently not appear in the results).
    • Clicking additional buttons causes the object type you click to toggle: if it was enabled it will become disabled and vice versa.
    • By default, all Show buttons are enabled (all objects appear in the results).

  4. Select one or more network objects from the list.

    The number of network objects selected appears above the list.

  5. Click Add.

    The selections are added to the field.

Note: If user field validation is not enabled, the only users that appear in this lookup are users that were previously created in AppViz. Administrators can enable user field validation as needed. For details, see Enable validation for the user field .

To select a user using the Users Lookup wizard:

  1. Click User lookup below the Users field.

    The Users Lookup wizard appears.

  2. To search for users, type the search criteria into the search box, and click .

  3. Select one or more users from the list.

  4. Click Add.

    The selections are added to the field.

To select a service using the Service Lookup wizard:

  1. Click the link below the desired field.

    The Service Lookup wizard appears.

  2. To search for services, use the Auto-Search. For details, see Advanced search wizard auto search.

  3. Select one or more services from the list.

    The number of services selected appears above the list.

  4. Click Add.

    The selections are added to the field.

To select an application using the Network Application Lookup wizard:

  1. Click + Network Application Lookup.

    The Network Application Lookup wizard appears.

  2. To search for network applications, type all or part of an application name in the search box, and press enter.

  3. Select one or more applications from the list.

    The number of network applications selected appears above the list.

    To clear all your selections, click Clear.

  4. Click Add.

    The selections are added to the field.

To use the Auto Search:

  1. In the drop-down menu, select one of the following options:

    Search parameter A search will return...

    Containing the range

    All objects that contain the searched content.

    Contained within the range

    All objects that are entirely contained in the searched content.

    Exact address/service match

    All objects that are an exact match of the searched content.

    Intersection

    All objects that have any overlap with the searched content.

    Match as object name

    All objects whose name contains the searched phrase.

    Auto

    All objects whose names contain the searched phrase.

    If an IP address/range or service definition is entered, then all servers/services which intersect with the given content.
  2. Type the search criteria into the search box, and click .
  3. Select one or more objects from the list below the search box.

Note: You may select multiple objects, but if you perform a search after making a selection, the original selection will not stay selected.

Add applications

This procedure describes how to add a new application to AppViz manually.

Do the following:

  1. In the AppViz Applications area, click + Add Application at the top-left / + New Application at the bottom-left.


    The New Application form appears in the workspace.

  2. [Optional] Create a new application from the New Application tab by filling out the relevant fields (see Application fields) and then skip Step #4 (Clone an existing application),

  3. [Optional] Clone an existing application:
    • Click the Based on existing tab.
    • In the Base Application box, type the name of the application to clone. Or, click Application lookup to search for the base application or select from the Application Name list.
    • Complete or modify the fields as needed. For details, see Application fields.
  4. Associate Contacts:
    To associate contacts with the application, do the following in the Contacts area:

    • Click Add contact.

      The Add contact wizard is displayed.

    • Use the wizard to select the contact. For details, see Use the Add Contact wizard .

  5. To add a tag to the application, see Add a tag .

    Note: This area only supports adding user-defined tags, not system tags such as the tags associated with Critical Processes. System tags, by definition, are only added to applications as the result of a system function.

  6. To add an attachment to the application, click Attach files and follow the instructions.

  7. Click Save Changes.

    The application is added.

In this field...

Do this...

Name

Type the name of the application.

Expiration Date

Click the calendar icon to select an expiration date.

Note: Expiration date may be modified in edit mode.

Business Unit

Type the name of the business unit.

Business Unit Location

Type the name of the business unit location.

Line Of Business

Type the line of business.

Business Criticality

Type the criticality of the business.

Business Partner ID

Type the ID of the business partner.

To add contacts:

  1. Do one of the following:

    • Select a contact from the Contacts list below the search box.
    • Search for a contact, by doing the following:
  2. Type any part of the contact name in the search box.
  3. Click .
  4. Select the contact's role from the Roles list.
  5. Click Save Changes.

The contact is added to the application.

Note: You can only add user-defined tags, not system tags. By definition, system tags are automatically added to applications because of a system configuration.

To add a tag to an application:

  1. If you are working from the application's Dashboard tab, click . Otherwise, continue to the next step.

    The tags field appears in an editable format.

  2. Start typing the tag name in the field.

    A drop-down list appears with auto-completed options.

    If the user has permission to create new tags, the list additionally includes an option to create a new tag with the name you specified and add it to the application.

  3. Select the desired tag in the drop-down list.

    The tag appears in the field.

  4. To de-select a tag, click x.

    Note: You can only de-select user-defined tags, not system tags.

  5. If desired, repeat the procedure to add additional tags.

  6. If you are working from the application's Dashboard tab, click Save Changes. Otherwise, continue with the relevant procedure.

Application workflow

Use AppViz to manage your applications using the following steps:

  1. Add, edit, or remove flows from an application. The application revision status changes to Draft.
  2. Apply the draft revision to the network security policy, or remove it. AppViz opens a FireFlow change request to block traffic flows that are no longer in use.

For details, see:

 

â See also: