types are also displayed for a particular host on each individual host page in a table called “Unmatched Processes”.
Figure 3-12 Example “unmatched processes” table
You can sort or filter this table to find processes with which you want to define an application.
TIP:
One way to reduce the amount of “noise” cluttering your tables is to create a template that collects “uninteresting” processes into an application that can be hidden.
Filling in the system scope fields using table data
In the following image, you can see the columns directly relevant to the System Scope fields in an application template (dark gray column headings). By entering a specific operating system (OS), operating system version (OSver), and/or architecture (Arch), you can limit the application of the template to particular systems in your network.
Figure 3-13 Finding data to enter in system scope area of application template
For more details about this part of an application template, see “Application identity and system scope fields and their descriptions” (page 30).
Filling in the template separation rule fields
In the following image, you can see the columns indirectly relevant to the Separation Rules fields in an application template – pid, ppid, user, sid, and ct. These columns are indirectly relevant because you do not use the actual values in the columns to define the separation rule. Instead, this information is provided to help you decide which attributes are appropriate to select.
For example, when viewing the data in the table, look at the relationships among process IDs, users, and sessions to determine what relationships you want to define in the Separation Rules.
Figure 3-14 Finding data to enter into Separation Rule fields
For details about setting attributes in an application template, see “Separation rule fields and their descriptions” (page 31).
Filling in the aggregation rule fields using table data
In the following image, you can see the columns directly relevant to the Aggregation Rule fields in an application template. By entering one or more users (User), groups (Group), paths (Path), and/or arguments (Cmdline), you can limit the application of the template to particular processes running in your network.