Host Resources Jobs Flow

The following image shows the general flow of Host Resources jobs, though some parts of the flow may be enabled or disabled via parameters:

Search for	Example	Results
A single word	`cat`	Topics that contain the word "cat". You will also find its grammatical variations, such as "cats".
A phrase. You can specify that the search results contain a specific phrase.	`"cat food"` (quotation marks)	Topics that contain the literal phrase "cat food" and all its grammatical variations. Without the quotation marks, the query is equivalent to specifying an OR operator, which finds topics with one of the individual words instead of the phrase.

Search for	Operator	Example
Two or more words in the same topic	`AND` `and` `+` (plus symbol) `&` (ampersand)	`cat AND dog` `"cat food"+milk` `"cat food"&"dog food"`
Either word in a topic	`OR` `or` `\|` (pipe)	`cat OR dog` `cat \| dog`
Topics that do not contain a specific word or phrase	`NOT` `not` `!` (exclamation point)	`NOT cat` `! dog`
Topics that contain one string and do not contain another	`^` (caret)	`cat ^ mouse`
A combination of search types	`( )` parentheses	`cat + (dog \| mouse)` `cat \| dog + (! mouse)`

The flow of host resources jobs related to Application Signatures is as follows:

Processes discovery runs as a part of the Host Resources job. Discovered processes are saved to the Probe's database (in the table netflow.processes). If the job's parameter discoverProcesses is set to true, these processes are added to the results vector at this point. Otherwise the processes are not reported immediately.

TCP discovery runs, which discovers all open ports; both listening ports and regular client ports. This data is saved to the Probe's database (in the table table netflow.port_process).

The Application Signatures engine is configured, and discovered processes and open ports are passed to the engine as input data. If Services and Installed Software objects were discovered, they are also passed to the Application Signatures engine.

Application Signatures runs, and performs identification of applications, and reports corresponding topology.

Process-to-process discovery runs, reporting client-server links between processes.