Instead of an exact match or complete wild carded CLI, you can efficiently manage the large number of CLI variations using the Advanced CLI feature. You can add smart wildcarding for a CLI similar to a regular expression, instead of the generic wildcard (*). You can reduce the CLI count as per your requirements, instead of totally wildcarding similar CLIs.

Prerequisites

By default, the Advanced CLI feature is not enabled.

  • You must enable the Behavior Variant (BV) wildcard feature to view the Advanced CLI feature.
  • You can add Advanced CLI only when a particular process is marked to a Behavior Variant (BV) process.

To enable the feature and to mark particular process as a BV process, contact the VMware support team at https://www.vmware.com/support/contacts.html.

Procedure

  1. From the left navigation pane, click Scopes, and then click the required scope.
  2. Click the Services tab.
  3. Search and click the required service.
    In the right panel, make sure that you are in the Behaviors tab.
  4. Go the behavior that you want to edit, and click the card.
  5. You can view details by expanding > next to the CLI.
  6. Click Edit.
  7. To add an Advanced CLI, click Add Advanced CLI. You can add only one CLI per behavior card. The option is available only when a particular process is marked to a Behavior Variant (BV) process. To mark a BV process, contact the VMware support team.
  8. To wildcard similar CLIs, you can add the following characters.
    Parameter Description
    ? Matches any single character. For example,
    • xmx?G matches xmx3G and xmx1G.
    • server?.example.com matches server3.example.com and serverB.example.com, but not server10.example.com.
    * Matches an arbitrary string of characters. The string can also be empty. For example,
    • App1.jar* matches App1.jar 2019-11-20, App1.jar 2019-11-22, and so on.
    • server*.example.com matches server-ny.example.com and server.example.com (an empty match).
  9. Click Save.
  10. To delete the added CLI, click the trash icon.

    If you delete an already saved Advanced CLI, AppDefense resurfaces the underlying matched CLIs for that Advanced CLI. You can create another Advanced CLI as per provided steps.

Results

The CLIs are sorted and wild carded based on the advanced CLI inputs. The matching CLIs are then collapsed under the added Advanced CLI and all the connections under the matched CLIs are grouped and associated with the Advanced CLI.