I would like to be able to categorize all CIFS traffic on a particular network using fingerprints within Netsight/purview (7.0.4.29) into a given Application/Application Group. The problem I'm having is that we have a network for backups that talks to another production storage network to grab files for the backup.
When I look at my flows, I try to add a fingerprint by right clicking on the flow and specifying add fingerprint for Address with Port. When I do this, the address is the server for the production storage network, not the backup network. I thought I would get smart and edit the myappid.xml file and manually enter the backup network IP/CIDR, but that doesn't seem to be foolproof, as I'm still seeing flows incorrectly categorized.
I believe this has to do with how purview handles client/server communications - in this case, the backup network initiates the communication, which is categorized as the client. It seems purview only wants to apply fingerprints for networks based on the server side of the communication.
In short, how can I use fingerprints to say all traffic from "client" network A on port 445 belongs to a particular application/application group?