Application Metadata Intelligence

Application Metadata Intelligence generates more than 5000 attributes for more than 3200 applications without impacting the users, devices, applications, or the network appliances. The feature identifies applications even when the traffic is encrypted.

Application Metadata Intelligence (AMI) is enabled to multi-collect protocols with more than one metadata attribute of the same type. The multi-collect feature supports additional protocols such as DNS, GTP,GTPV2, DHCP, HTTP, HTTPS, SSL, HTTP_PROXY, HTTP2, KERBEROS5, and DHCP6.

The generated metadata is exported in IPFIX (IP Flow Information Export) format and CEF (Common Even Format) to security analytics and forensics tools thereby providing greater visibility to enforce corporate compliance.

The output from the Application Metadata Intelligence in CEF format can also be converted to JSON format using Observability Gateway Application (AMX) application. To learn more about OGW application refer to Application Intelligence—Application Metadata Exporter

Application Metadata Intelligence generates metadata only if the application is allowed to be passed in Application Filtering Intelligence. For example, Application Metadata Intelligence has the capability to generate metadata for HTTP traffic only if Application Filtering Intelligence filters in the HTTP traffic.

You can create an Application Metadata Intelligence session by following either of the two ways:

o   Create Metadata Intelligence by Selecting Applications from Dashboard
o   Create Metadata Intelligence by Editing Monitoring Session from Dashboard

 

NetFlow Support on Application Intelligence

On Gen3, the NetFlow solution is provided by the Application Intelligence solution. This feature enables when using the Application Intelligence solution for NetFlow configuration. The NetFlow application is supported by the Application Intelligence solution by abstracting the device level implementation. The Giga VUE-FM will display NetFlow as a new GSOP application, when the NetFlow license is installed on the node. Here you can configure NetFlow with the pre-defined V5 template or V9 attributes.

Note: When you enable NetFlow license, you cannot choose any application from the Application List and cannot configure application metadata.

Adding Source Traffic to NetFlow Session

By default, Map is enabled with Pass-all Map when APF (Advanced Packet Filtering) license is not available.

NetFlow Dashboard

In Appviz, only the traffic statistics are displayed as applications cannot be configured and used in the NetFlow configuration.