cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Webex monitoring as a cloud app?

matthew_eisengr
Inactive

Hi,

I know as of 12.3 we introduced the ability to monitor cloud apps like Office 365, Salesforce, SAP, etc.

Has anyone had experience in identifying Webex as a cloud app. I have the IP ranges that I expect the traffic from of that helps.

Also on a side note, it the customer is pre-12.3, can we manually identify this traffic? I tried manually adding the software service but quickly hit the 5000 server/port combination max.

7 REPLIES 7

chris_v
Dynatrace Pro
Dynatrace Pro

12.3+ it'd be easy. You add it as an auto discovered definition by URL e.g. *webex.com and you're done.

Prior, you should just define it as the ip ranges and port (it's all SSL I think - so just TCP 443), you won't have the keys so just use the SSL decode (not SSL Decrypted).

matthew_eisengr
Inactive

Thanks Chris,

Even with only port 443, the range of servers is too large and we continue to hit the 5000 limit.

I think the only way forward it to go to 12.3 and add the URL as you described.

12.3+ also alleviates the port count limit too.

matthew_eisengr
Inactive

Chris,

I just tried doing this in a 12.3 but couldn't add a content based filter. any thoughts?

chris_v
Dynatrace Pro
Dynatrace Pro

@Matthew E

Apologies, I didn't provide a detailed enough answer.

You'll have to create a content rule to use first.

On each AMD is a pktmatchconfig.xml file (in the /usr/adlex/config directory). There's no UI for this (yet I hope).

In it are plenty of examples you could use to copy from. e.g. for O365....

So you could try something like:

<protocol>
<name>WebEx</name>
<rule>
<serverAddr>NONE</serverAddr>
<sslServerName>webex.com</sslserverName>
</rule>
<rule>
<serverAddr>NONE</serverAddr>
<sslServerName>.webex.com</sslserverName>
</rule>
</protocol>

Save it to your AMD, use RUM Console to re-read the configuration. then you should be able to create a new auto discovery rule using WebEx as a new content rule.

As WebEx typically gives your organization it's own domain name you can be more specific. so you could add another more specific rule:

<protocol>
<name>Internal WebEx</name>
<rule>
<serverAddr>NONE</serverAddr>
<sslServerName>mycompany.webex.com</sslserverName>
</rule>
</protocol>

ulf_thornander3
Inactive

Thanks Chris!

I was going bananas trying to figure out what version and where you configured a SS without specifying the IP. I've talked and presented it many times but never really gotten around to do one 🙂

matthew_eisengr
Inactive

Chris... this is brilliant! Thank you very much!

Will go back to the customer and try it.