When you first log in, you are presented with the list of security scopes. A security scope can be created by a provisioning event, or you can create it manually. A security scope defines the relevant configuration elements to protect an application and its constituent workloads. These configuration elements are like a blueprint or a birth certificate for the application: the scope contains a description, member workloads, rules, and behaviors. A security scope is a grouping of data center assets (VMs, containers, and so on) that make up an application or a regulatory scope. You can manually create a scope and add services based on an application tier or a role within the scope. You can then add a virtual machine (VM) to a service, begin learning behavior, and enforce rules.
Click the name of the scope and go to the Services tab to view the details. The middle section displays all the services. The number in a red circle indicates the number of alarms for that service. The right section displays the Behaviors, Members, and Rules tabs. By default, you see the Behaviors tab.
AppDefense stores data for your application that includes:
- Application (Scope) name
- Application Service tier names
- VM names (Members)
- VM IP addresses
- Process behavior (process name, file path, CLI arguments, hash)
- Network behavior (destination IP address, port, protocol)
- Security alerts/events (process and network behavior violations)
- Organization (tenant customer) name
- User (tenant customer admin) email addresses
|Sort or filter processes.|
|Indicates that the Scope is in Discovery Mode.|
|Indicates that the Scope in Protected Mode has triggered alarms.|
|Click to view Behaviors as a list.|
|Click to view Behaviors or Members as cards.|
|Click to view Members data as columns.|
|Point to and view information.|
|Click to chat with the VMware AppDefense support team.|