Discovering Application Connections and Resources Automatically

To help you build the connections that your application needs, SecureApp can suggest source, service, and destination information based on the rule log information from your firewall devices. After you manually add resources for your application to the source or destination fields, you can use connection discovery to identify real connections that use those resources. You can then add the discovered resources to the connection to complete the connection information.

To run connection discovery, you must be the owner or an editor of the application.

  1. Connection discovery is available in single domain mode only (see Enabling Multi-Domain in SecureApp for more information).
  2. Connection discovery is available only for devices monitored by the SecureTrack central server.

For example, you know that your CRM application requires connections to the CRM database server, but you don't know where those connections come from and what services they use. To help you define the connections that the CRM requires:

  • Manually create a resource for the CRM database server with its IP address and add it to the destination of the connection.
  • When you click to start connection discovery, SecureApp reviews the actual allowed or denied network traffic that was sent to the CRM database server and was logged by your firewalls.
  • The discovery results show you the sources and services that were in the traffic to that server.
  • To complete the connection, you just have to add the relevant sources and services from the list of discovered resources to the connection.

Connection discovery is not supported for connections:

  • That have AWS servers in the source or destination. To discover AWS connections, go to the connectivity map and click Discover.
  • From/To devices monitored by a Remote Collector in a Distributed Architecture environment. Connection discovery is only supported for devices monitored by the Central Cluster.

Discover Application Connections and Resources

Prerequisites

Verify with your network administrator that:

  • The traffic that you want to discover is routed through a firewall device and does not use IPv6 addresses

  • The firewall device has an accept or deny rule (for example, a cleanup rule) that logs traffic hits

  • The firewall device is monitored by SecureTrack and configured to send syslogs to SecureTrack (Configuring Devices to Send Logs)

Configure Settings

  1. Log in to SecureApp.

  2. Go to Settings > SecureApp Settings and define the following:

    1. Server Name: Syntax that is used as the name for discovered IP addresses that are not associated with a server.

      • You can add text that is appended before and/or after the IP address.

      • You can use the DNS server that is configured in the operating system to resolve the DNS name listed for the IP address.

    2. Connection Discovery: Default duration of the discovery in days.

    3. Click Save.

Run Connection Discovery

  1. Go to the Applications page, and click on the application for which you want to discover connections.

  2. Identify a connection for which you want to discover connections, or create a new connection and add at least one server from your application to the source or destination field of a connection.

    Because connection discovery lets you discover connections for your application, the field that the discovery is based on must only include servers that belong to your application. It cannot include servers from another application, users or ANY.

  3. Click Save Connections.

  4. In the connection, go to Discovery > Start discovery to start the discovery.

    Unless you stop the discovery, it runs for the number of days set in Settings > SecureApp Settings at the time the discovery starts.

    No more than 10 connections can have connection discovery running concurrently.

  5. Select the fields that you want to discover for the connection.

    The field that the discovery is based on is locked and you cannot change it or the resources in it while discovery is running.

    As the discovery continues, the number of discovered resources is shown. You can open the list of discovered resources while discovery is running or you can stop the discovery. After you stop the discovery, before you can run discovery again you must clear all of the discovered resources.

  6. Click on the number of discovered resources to see the results.

    The results show up to 100 servers with their IP addresses, and 100 services with their protocol and timeout.

    Some reasons a connection may not be discovered are: the traffic is not routed through a monitored firewall policy; the traffic was not logged by a firewall rule; the firewall is not configured to send syslogs to SecureTrack; or the IP address or service is translated with NAT.

  7. To edit the name of a server, or the name and timeout of a service, you can select it and edit the name and timeout value.

  8. To add discovered resources to the connection, select the resources and click Save.

    For any discovered resource that does not already exist in SecureApp, the resource is added to SecureApp.

    All discovered server resources are single hosts. If you find that there are many discovered hosts in a subnet, consider manually creating a subnet and adding it to the connection. If you find that there are many server or service results, you can also select the resources to create them, add them to a resource group, and add the resource group to the connection.

  9. To clear the discovery results, you must:

    • Select the resources that you want to add to the connection and click Save.

    • Delete resources that are not relevant to your application and click Save.

    Any new resources are saved and the connection is saved with the selected resources.

  10. To stop connection discovery, go to Discovery > Stop discovery.

You can create a ticket for changes that you make while connection discovery is running or after it is stopped.
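
Step 8 suggests replacing many discovered single hosts with a manually created subnet. The following sketch is an added example, not part of SecureApp or its API: it groups a list of discovered host IPs by enclosing subnet and reports how many addresses that were never seen in traffic each subnet would also permit, so you can weigh convenience against least privilege. The host list, the /24 prefix length and the threshold of four hosts are assumptions chosen for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed sample of discovered single-host sources (not real SecureApp output).
DISCOVERED_HOSTS = [
    "10.20.30.11", "10.20.30.12", "10.20.30.15", "10.20.30.40", "10.20.30.41",
    "10.20.31.7",
    "192.168.5.20", "192.168.5.21",
]

def suggest_subnets(hosts, prefix_len=24, min_hosts=4):
    """Group single-host IPv4 results by enclosing subnet.

    Returns (suggestions, remaining). suggestions lists subnets that hold at
    least min_hosts discovered hosts; remaining lists the hosts that are
    better kept as individual server resources.
    """
    groups = defaultdict(set)  # a set, so duplicate hosts count once
    for h in hosts:
        addr = ipaddress.ip_address(h)
        if addr.version != 4:
            continue  # the prerequisites exclude IPv6 traffic from discovery
        net = ipaddress.ip_network(f"{addr}/{prefix_len}", strict=False)
        groups[net].add(addr)

    suggestions, remaining = [], []
    for net in sorted(groups):
        seen = groups[net]
        if len(seen) >= min_hosts:
            # Usable hosts exclude network and broadcast (holds for prefix <= 30).
            usable = net.num_addresses - 2
            suggestions.append({
                "subnet": str(net),
                "observed": len(seen),
                # Addresses the subnet would allow that never appeared in logs.
                "unobserved_allowed": usable - len(seen),
            })
        else:
            remaining.extend(seen)
    return suggestions, [str(a) for a in sorted(remaining)]

if __name__ == "__main__":
    subnets, singles = suggest_subnets(DISCOVERED_HOSTS)
    for s in subnets:
        print(s)
    print("keep as single hosts:", singles)
```

A high `unobserved_allowed` count relative to `observed` means the subnet grants access to far more addresses than the logged traffic justifies; in that case a resource group of the individual hosts keeps the connection tighter.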