Documentation Nexus IQ Server 1.26

10.3. Application Categories

In any given business, you could have hundreds, maybe even thousands of applications. Even if you are just getting started, it’s likely you have a handful of applications. However, as unique as applications can be, they tend to share some similarities.

For example, you might have applications that process or store sensitive information, maybe even personally identifiable information for your users. Since attacks are often aimed at these types of applications, you will definitely want to make sure your policies that identify high and critical threat security vulnerabilities are included during the evaluation of these types of applications.

Unfortunately, especially as the number of applications in your business increases, identifying an application by name may not be helpful. To address this, application categories provide a way to quickly identify characteristics of an application.

Using specific text and color, an application category can help group particular applications with similar attributes. While an application category can ultimately be anything you want, and attached to any application, you will want to take a much more thought-out approach, similar to what is recommended for labels.

As we will see later, in order to maximize the benefits application categories can offer, you will want to take advantage of category matching between policies and applications. For now though, let’s see how to create, edit, delete, and apply application categories.

figs/web/sonatype-clm-server-tags-applied.png

Figure 10.7. Example of Applied Application Categories


10.3.1. Creating Application Categories

Application categories are created, edited, and deleted at the organization level and then assigned individually to each application.

To create an application category:

  1. Click the Organization & Policies icon figs/web/clm-server-manage-app-org-icon.png on the IQ Server toolbar.
  2. In the sidebar, select an organization.
  3. In the Application Categories section, click Add a Category. The New Application Category dialog is displayed.
  4. In the New Application Category dialog, set the following attributes:

    1. Application Category Name - Enter a name that is easily identified for it will be used to match an application to corresponding policies.
    2. Short Description - Enter a description that provides additional information about the category.
    3. Color - Select a desired color for the category.
  5. Click the Create button to add the application category to the selected organization.
figs/web/clm-server-new-tag-create.png

Figure 10.8. Using the Add a Category Button


10.3.2. Editing an Application Category

To edit an application category:

  1. Click the Organization & Policies icon figs/web/clm-server-manage-app-org-icon.png on the IQ Server toolbar.
  2. In the sidebar, select the organization in which the application category was created. The application category is displayed in the Application Categories section under the Local heading, and has a chevron in its row to indicate it’s editable.
  3. Click the application category you want to edit. The Edit Application Category dialog is displayed.
  4. In the Edit Application Category dialog, you can change the following attributes:

    1. Application Category Name - Enter a different name.
    2. Short Description - Enter a description that provides additional information about the category.
    3. Color - Select a desired color for the category.
  5. Click the Update button to save your changes to the application category.
figs/web/clm-server-edit-app-category.png

Figure 10.9. Editing an Application Category


10.3.3. Deleting an Application Category

To delete an application category:

  1. Click the Organization & Policies icon figs/web/clm-server-manage-app-org-icon.png on the IQ Server toolbar.
  2. In the sidebar, select the organization in which the application category was created. The application category is displayed in the Application Categories section under the Local heading, and has a chevron in its row to indicate it’s editable.
  3. Click the application category you want to delete. The Edit Application Category dialog is displayed as shown in the figure, Figure 10.9, “Editing an Application Category”.
  4. In the Edit Application Category dialog, click the Delete Application Category button. A Delete Category alert dialog is displayed. If there are applications assigned to the application category, they will be listed.

    [Warning]

    When you delete an application category, the action cannot be undone.

    [Note]

    You cannot delete an application category that’s used in a policy to affect policy inheritance. You must first remove the application category from the policy, and then delete the application category.

  5. In the Delete Category dialog, click Continue to delete the application category or Cancel to keep the application category.

10.3.4. Assigning an Application Category

In most cases, the people assigning application categories may be different from those creating them. It is important though to understand that while application categories are provided to identify characteristics of an application, a more important usage is to provide a way for policy managers to create specific policies that consider those application characteristics. For this reason, when assigning an application category, your application may be evaluated by a specific set of policies. This is a good thing, but it also makes the use of application categories an act that requires careful consideration.

To assign an application category to an application:

  1. Log in to the IQ Server using a user account that’s assigned to a role with Owner-level permissions for the application. The built-in Owner role has owner-level permissions by default.
  2. Click the Organization & Policies icon figs/web/clm-server-manage-app-org-icon.png on the IQ Server toolbar.
  3. In the sidebar, select an application.
  4. In the Application Categories section, click Assign App Categories. The Assign Application Categories page is displayed.
  5. In the list of assigned application categories, select the application categories you want to assign to the selected application.
  6. Click Update to save your selection(s).
[Note]

There must be at least one application category defined before you can assign any application categories. For more information, see Creating Application Categories earlier in this chapter.

figs/web/assign-app-category.png

Figure 10.10. Assigning an Application Category


[Tip]

Once application categories are created and assigned, you can use them to apply policies to a subset of applications in an organization through inheritance. For more information about policy inheritance and application categories, see the Basic Policy Management chapter.