Managing Traffic Filters: Application Groups

You must have Root scope to use this feature.

Application groups are an efficient way to filter traffic. After you create application definitions, you can group them for more efficient use when configuring your sensors for metadata filtering. Stellar Cyber includes many groups already, such as advertising, cryptocurrency, and gaming. You can create custom groups from scratch, or use the existing groups as a basis for your new, custom groups.

The table in this pane operates the same as all other tables in Stellar Cyber. You can sort, add, edit, and delete, and export the displayed list. The option to edit or delete is disabled for groups defined by Stellar Cyber.

To create or edit an Application filter:

  1. Select System | DATA SOURCE MANAGEMENT | Data Filters | Traffic Filters.

    A panel for managing the traffic-based Application filters appears.

  2. Select the Application Groups tab.

  3. Select Create to add a filter (the Add Traffic Application Group dialog box appears) or select the Edit button to edit a row.

  4. In the General section of the dialog box, enter a Name for the Application Group.

  5. Choose a Tenant.

    You can choose a specific tenant, the root tenant, or All Tenants.

  6. (Optional) Copy From existing Application groups, if you want.

    For any group you specify here, the next step populates all the applications in that group so that you can customize it further. You can use this method, for example, to "clone" an existing Stellar Cyber applications group and add or remove specific applications.

    Screen capture of the General section in the Add Traffic Application Group dialog box

  7. Select Next.

    The List Definition section appears.

    If you selected any Application Groups in the previous step, they are displayed in the Application List.

    Screen capture of the List Definition section in the Add Traffic Application Group dialog box

    • To add applications to the group, select Applications .

      A new row appears; click in the field to display the application selection list.

    • To delete an application from the group, select .

      The application is immediately deleted.

  8. Select Next.

    The Done tab appears.

    Screen capture of the Done section in the Add Traffic Application Group dialog box

  9. Review your new group and then select Submit.

    Your new custom application group is immediately created and the list is updated.

You can now use your application group as a filter in the metadata section of a sensor profile.