When you click Scopes in the left navigation pane, you are presented with the list of security scopes. The security scope can be created due to a provisioning event or you can create the scope manually. A security scope defines the relevant configuration elements to protect an application and its constituent workloads. These configuration elements are like a blueprint or a birth certificate for the application. It contains a description, member workloads, rules, and behaviors. Security scopes are a grouping of data center assets (VMs, Containers, and so on) that make up an application or a regulatory scope. You can manually create a scope and add services based on an application tier or a role within the scope. You can then add a virtual machine (VM) within a service and then begin learning behavior, and enforce rules.

In the left navigation pane, click Scopes. The Scopes home page appears.

  • : Indicates that the Scope in Protected Mode. If alarms are triggered, you see red icon at top .
  • : Indicates that the Scope is in Discovery Mode.
  • To move scope to protected mode, click Protect.
  • To view alerts for the scope, click View Alerts.

Click the name of the scope. You can see Scope Dashboard, Application Topology, and Services tab.

Go to the Services tab and view the details. Click Scopes to go back to the Scopes home page.

The middle section displays all the services. The number with a red circle indicates the number of alarms for that service. The right section displays Behaviors, Members, and Rules tabs. By default, you see the Behaviors tab.

AppDefense stores data for your application that includes:

  • Application (Scope) name
  • Application Service tier names
  • VM names (Members)
  • VM IP addresses
  • Process behavior (process name, file path, CLI arguments, hash)
  • Network behavior (destination IP address, port, protocol)
  • Security alerts/events (process and network behavior violations)
  • Organization (tenant customer) name
  • User (tenant customer admin) email addresses