How to create a custom fingerprint on purview?

  • 0
  • 1
  • Question
  • Updated 3 years ago
  • Answered
  • (Edited)
Hello all,

Everyone knows how to creat  a custom fingerprint on purview?  or where I can find the sample to refer to?

Thanks.

Regards,
Joy
Photo of Joy Liu

Joy Liu

  • 228 Points 100 badge 2x thumb

Posted 3 years ago

  • 0
  • 1
Photo of Mike Thomas

Mike Thomas, Employee - GTAC - NMS

  • 7,640 Points 5k badge 2x thumb
Greetings Joy,
This is discussed in some detail in the Purview Users Guide, starting about page 35.

If you navigate to this link.
https://extranet.extremenetworks.com/downloads/Pages/NMS.aspx


Select Documentation -> Select Manuals and Release Notes -> Select Version 6.2 -> Select Purview Users Guide.
Search for Custom Fingerprint Examples.

Since it is pretty comprehensive, I won't try to guess what approach you would like to take. if you have a specific example you would like to cover, please post more detail on what your trying to capture. If it's secure information, then I would recommend opening up a case.
Photo of Joy Liu

Joy Liu

  • 228 Points 100 badge 2x thumb
Hi Mike,

Thanks for your feedbacks, and it's very useful for me.

Regards,
Joy
Photo of Joy Liu

Joy Liu

  • 228 Points 100 badge 2x thumb
Hi Mike,

In addition question, I would like to creat a fingerprint base on port and destination address, however I can not set multiple port number in a single fingerprint.

e.g.

port 21,449,8449
destination address 192.168.1.1
new custom fingerprint name "Internal-AS400"

Do you know how to accomplish it or any other suggest?

Thanks.

Regards,
Joy
Photo of Thomas, Frank

Thomas, Frank, Employee

  • 1,902 Points 1k badge 2x thumb
You create 3 fingerprints with the same Name.
E.G
port 21
destination address 192.168.1.1
new custom fingerprint name "Internal-AS400"

Port 449
destination address 192.168.1.1
new custom fingerprint name "Internal-AS400"

8449
port 21
destination address 192.168.1.1
new custom fingerprint name "Internal-AS400"

Example Microsoft Lync Signature
Top one is:
 <Signature protocol="udp" confidence="92" name="APP:LYNC-MEDIA" group="realtimecomms" createdDate="2014061300" modifiedDate="2014061300">    <AppID>61013607</AppID>
    <DisplayName value="Microsoft Lync"/>
    <ExtendedLanguage>
      <Match>
        <InternalMatch id="lync_media"/>
      </Match>
    </ExtendedLanguage>
    <Description><![CDATA[Microsoft Lync (formerly Microsoft Office Communicator) is a enterprise ready unified communications and collaboration platform.]]></Description>
    <Enabled value="yes"/>
  </Signature>

Bottom one is:
 <Signature protocol="tcp" confidence="85" name="APP:LYNC-SIGNALING" group="realtimecomms" createdDate="2014073100" modifiedDate="2014073100">    <AppID>62013617</AppID>
    <DisplayName value="Microsoft Lync"/>
    <ExtendedLanguage>
      <Match>
        <InternalMatch id="lync_signaling" require-protocol-data="true"/>
      </Match>
    </ExtendedLanguage>
    <Description><![CDATA[Microsoft Lync (formerly Microsoft Office Communicator) is a enterprise ready unified communications and collaboration platform.]]></Description>
    <Enabled value="yes"/>
  </Signature>

Either of these signatures will appear as Microsoft Lync when you generate reports for Lync.
Photo of Joy Liu

Joy Liu

  • 228 Points 100 badge 2x thumb
Hello Frank,

I got it, thanks a lot.

Regards,
Joy