Overview

AppResponse 11 Web User Interface

The Home page opens when you sign-in to SteelCentral AppResponse. A Virtual Interface Group (VIfG), other_vifg, containing all visible interfaces is automatically configured. A capture job, default_job, using all available VIfGs (other_vifg, by default) also has been configured to capture and monitor network traffic. By default, the All Traffic Insight is displayed, showing current network and application metrics for all your network traffic.

This page can be customized in the following ways:

◼ Under Administration > Other: User Preferences:

– Selecting another Insight to be displayed when this page is opened.

– Selecting not to display any Insight when this page is opened.

◼ Changing the time interval displayed using the current time selections choices or click the edit icon to specify your own time interval.

◼ Selecting Auto-Update to update the Insight, every minute by default. Click the expand icon to specify a different update interval.

◼ You also can create your own Insight in Navigator to display the groups and charts of most interest to you when you sign in to AppResponse 11. Go to Administration > Other: User Preferences and select your Insight to display automatically.

Want to immediately view other Insights?

1. Double click the collapsed column on the left side of the window.

2. A list of all Insights is displayed.

3. At the top of the list is a filter bar to assist you in finding an Insight. Multiple filters can be applied to the list of Insights. A green background indicates an applied filter in the filter bar. Click the funnel icon to select the type of filter and choose its values:

– By owner displays a list of owners for selection.

– By tag displays a list of all current tags for selection.

– By name matches the text specified with Insight names.

– Tags is a shortcut to selection by tag, used when applying multiple filters.

– All Shared is a shortcut to by owner, used when applying multiple filters.

– Click Apply to use the revised filter.

4. Click the Insight in the left column to view it.

Global Search

Use the Search field at the right end of the AppResponse 11 menu bar to enter search terms for items of interest, for example, URLs, IP addresses, named ports, or applications. Your search strings can include CIDR masks and wildcard characters. You also can choose the type of search performed. Just left and adjacent to the search field, click on the drop-down list icon. You can choose from these search types:

◼ Search — returns information related to your search term, organized by source. This is the default. Note that a DNS name typed as a search term will be resolved and shown in the search results as the corresponding IP address.

◼ Insight on — returns an insight of the type selected, providing detailed status and performance information on your search term. The search box describes the expected input, based on the search type selected, for example, IP address.

If you choose Search, a list of possible choices is displayed as you begin typing your search term. The more characters you enter, the closer the possible matches that are shown. Click a suggested match from the list or enter the complete search term and press Enter.

Supported Search String Formats

IP address search strings are supported in these formats:

◼ Fully qualified IPv4 address, such as: 10.91.126.84

◼ Fully qualified IPv6 address, such as: 2A03:2A03:2880:F000:F000:F000:0000

◼ IPv4 wildcard, such as:

◼ 10.91.*

◼ 10.91.*.*

◼ 10.91.126.*

Note that these formats are not allowed: 10.*.1.1; 10*

◼ IPv6 wildcard, such as:

◼ 2A03:2A03:2A03:2880:F000:F000:*:*

◼ 2A03:2A03:2A03:2880:F000:F000:F000:*

Note that a wildcard in the middle is not allowed.

◼ IPv4 CIDR, such as:

◼ 10.0.0.0/8

◼ 192.168.1.0/32

◼ Short form of IPv4 CIDR: 10/8

◼ IPv6 CIDR, such as: 2001:db8::/32

◼ Partial IPv4 address, such as:

◼ 10.

◼ 10.91.

◼ Partial IPv6 address, such as:

◼ AAAA:

◼ AAAA:BBBB:

Multiple IP addreses in the form of "10.0.0.1, 10.0.0.2" are not supported. Only one IP address or CIDR/wildcard is supported at a time.

URL search strings are supported in these formats:

◼ URL:, such as: http://www.riverbed.com?abc=55

◼ URL with wildcard, such as:

◼ https://www.riverbed*

◼ https://www.riverbed*.com

◼ http*://www.riverbed.com

Wildcards are supported everywhere in the URL.

Search Result Tabs

Search results will be organized into one or more of the following tabs, as appropriate for the results:

◼ DNS Lookups

◼ IP Addresses

◼ Web Page URLs

◼ Host Groups

◼ General Apps

◼ URL Apps

◼ Web Apps

◼ Auto-Recognized Apps

◼ Page Families

◼ Reports

◼ Insights

◼ Favorites

◼ Port Aliases (TCP)

◼ Port Aliases (UDP)

◼ Policies

◼ DB Types

◼ DB Instances

◼ DB Process Names

◼ DB Server Users

◼ DB Client Users

◼ DB Query Commands

◼ DB Query Statements

◼ DB Return Codes

For example, while looking at an Insight chart listing the busiest applications, you see an application named Epmap. Unsure of what this, exactly? Execute a search to investigate it by clicking the expand icon to the left of the search field and choosing Search from the drop-down list. As you start entering the name, a list of possible matches is displayed. Click a suggested match from the list or enter the complete string and press Enter. If your user input is a valid host name, resolved IP addresses are shown as click-on options in the suggested matches. The results for this search are shown below.

The list in the heading displays available information types, for example, Auto-RecognizedApps, or NamedTCPPort. By default All, the first choice, is used and displays all results. All resolved IP addresses are grouped into a single search result with links that start separate IP data searches on each of the resolved addresses.

Under each result, you can select the information that is of interest to you. For example, if you investigate the first result, “Epmap- Auto-RecognizedApps” the following details are available:

◼ Summary—This opens an Individual: AP Insight for detailed application traffic and performance metrics.

– Use the time interval in the top right corner to see the application metrics for a different time interval.

◼ New Favorites—Allows you to save Epmap as a new Favorite or add it to an existing Favorite.

◼ Definition—Opens the list of Auto-Recognized Applications where you find that Epmap is a “Microsoft EPMAP (End Point Mapper), also known as DCE/RPC Locator service, is used to remotely manage services.”

You can investigate the other search results tabs to find the TCP port or UDP port assigned to the Epmap application.

Insight on

You can choose to display an insight on your search term by choosing from the supported subjects listed in the drop-down menu:

◼ IP Address

◼ General/URL App

◼ Host Group

◼ Web App

◼ Web User Group

◼ DB Server IP

◼ DB Client IP

For example, in Navigator you see that the IP address 192.168.77.27 has the highest Total Throughput for the current time interval. To have a quick look at this IP you do an Insight on search for this IP address. The search results appear below.

The Individual IP insight shows you what the activity is on this IP address and its performance using timelines, bar charts, and sparkline charts.

Clicking on the Inputs drop-down icon in the top left corner shows the input used was 192.168.77.27:

To view the IP address with the second highest total throughput, replace 192.168.77.27 with that IP address and click Launch.

The Inputs drop-down list contains all of the available inputs that you can specify for the insight. You can create a custom insight and save it by clicking the disk icon in the top right corner of the insight. You can choose to enable Public (read-only), Shared or Private access to the saved insight.