Cloud Application Usage Monitoring

bundle

#1

### Bundle details and download
https://www.extrahop.com/community/bundles/heliox/cloud-application-usage-monitoring/

### Description
This bundle provides a trigger and multiple dashboards that enable you to capture and track traffic from a variety of cloud-based applications. In addition, you can add new applications to the existing categories or create a new category to add applications to.


#2

The bundle has been updated to include Snapchat in the Social category!


#3

I notice that this bundle doesn’t track Netflix very effectively at all…

Looking at the trigger code, I can’t understand why…

Do we have a more effective way to do this or is this visibility on anyone’s top list any longer?


#4

Is there a way to migrate from V1 to V2?


#5

Delete the V1 dashboards and the trigger, then install V2.


#6

So it looks like even new metrics for this bundle? Is that correct, or am I misreading this? It would be nice if you can keep the same metric names a little bit and maybe modify them or overwrite them. This sure leaves a lot of metrics out there that are unused now. And can be confusing when trying to build dashboards. So trying to figure out which ones to use.


#7

Also, in the old one I could identify my proxy and my external global NAT address. But I can’t on this one. So right now it is showing double what the actual traffic is.


#8

V1 bundle was a popular community bundle, about 4-5 years old, that had many issues. V2 bundle is a complete rewrite. V2 is an ExtraHop supported bundle with new metrics and metrics for Unknown Cloud Applications. V2 consolidated 17 dashboards into a single dashboard, has widgets with drill-downs that we could not do before, creates EXA records and enables you to build EXA queries.


#9

During the development of the new version, it was discovered that the old version was not accurately counting the amount of traffic, especially over SSL. So, what you are seeing is not a double-counting, but a much more accurate portrayal of the amount of traffic various applications are using.

As for visibility into your proxy and NAT addresses, the triggers are assigned to your HTTP client and SSL client device groups. If those devices are not in those groups, then they won’t show in the metrics. The trigger also explicitly ignores traffic destinations in the RFC 1918 address space.


#10

Well, both those devices are in the HTTP client and the SSL client groups because they proxy, which means they act as the client. And from what I can tell, there is no way to exclude them from those groups. So now I need to write something to exclude them from this trigger.


#11

Old Cloud Application bundle trigger had assignments to the Device Groups HTTP Clients and SSL Clients, as does the New Cloud Application bundle trigger; no change there.


#12

Right, and in the last one I put an if statement in so I could keep from capturing this traffic. Was hoping you all had added the same thing as a variable.


#13

Is there a way to make this bundle proxy server friendly?
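
The two filters mentioned in this thread (post #9: destinations in RFC 1918 space are ignored; post #12: an if statement that skips the proxy as a client) can be sketched as follows. This is an added example in plain JavaScript, not the bundle's trigger code and not the ExtraHop trigger API; the function names, the excluded-client set and the flow records are assumptions constructed for illustration.

```javascript
// Added illustration: plain JavaScript, not the ExtraHop trigger API.
// All names, addresses and byte counts below are constructed.
const RFC1918 = [["10.0.0.0", 8], ["172.16.0.0", 12], ["192.168.0.0", 16]];

// Convert a dotted-quad IPv4 string to an integer, or null if malformed.
function ipv4ToInt(ip) {
  const parts = String(ip).split(".");
  if (parts.length !== 4) return null;
  let n = 0;
  for (const p of parts) {
    if (!/^\d{1,3}$/.test(p) || Number(p) > 255) return null;
    n = n * 256 + Number(p);
  }
  return n;
}

// True when ip falls inside base/prefix. Division avoids 32-bit sign issues.
function inCidr(ip, base, prefix) {
  const a = ipv4ToInt(ip), b = ipv4ToInt(base);
  if (a === null || b === null) return false;
  const size = 2 ** (32 - prefix);
  return Math.floor(a / size) === Math.floor(b / size);
}

function isRfc1918(ip) {
  return RFC1918.some(([base, prefix]) => inCidr(ip, base, prefix));
}

// Count a flow only if its destination is outside RFC 1918 space and
// its client is not on the operator-supplied exclusion list (e.g. a proxy).
function shouldCount(flow, excludedClients) {
  if (isRfc1918(flow.server)) return false;
  return !excludedClients.has(flow.client);
}

// Sum bytes per application over the flows that pass both filters.
function tally(flows, excludedClients) {
  const totals = {};
  for (const f of flows) {
    if (!shouldCount(f, excludedClients)) continue;
    totals[f.app] = (totals[f.app] || 0) + f.bytes;
  }
  return totals;
}

const SAMPLE_FLOWS = [ // constructed: 10.1.1.5 plays the proxy
  { client: "10.1.1.20", server: "10.1.1.5", app: "Netflix", bytes: 1000 },
  { client: "10.1.1.5", server: "203.0.113.10", app: "Netflix", bytes: 1000 },
  { client: "10.1.1.30", server: "198.51.100.7", app: "Snapchat", bytes: 400 },
  { client: "10.1.1.30", server: "172.31.255.255", app: "Snapchat", bytes: 50 },
];
```

In this constructed data the workstation-to-proxy leg is already dropped by the RFC 1918 rule, so adding the proxy to the exclusion set removes the proxied application from the totals entirely rather than halving it.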