Host Resources Jobs Flow

The following image shows the general flow of Host Resources jobs, though some parts of the flow may be enabled or disabled via parameters:

The flow of host resources jobs related to Application Signatures is as follows:

  1. Processes discovery runs as a part of the Host Resources job. Discovered processes are saved to the Probe's database (in the table netflow.processes). If the job's parameter discoverProcesses is set to true, these processes are added to the results vector at this point. Otherwise the processes are not reported immediately.

  2. TCP discovery runs, which discovers all open ports; both listening ports and regular client ports. This data is saved to the Probe's database (in the table table netflow.port_process).

  3. The Application Signatures engine is configured, and discovered processes and open ports are passed to the engine as input data. If Services and Installed Software objects were discovered, they are also passed to the Application Signatures engine.

  4. Application Signatures runs, and performs identification of applications, and reports corresponding topology.

  5. Process-to-process discovery runs, reporting client-server links between processes.