Views:
If you enable the Operations Behavior Anomaly DetectionApplication Behavior function, applications found on the StellarProtect agent-device will be added to its baseline and displayed on the Situaional AwarenessApproved Applications page.
See the following table for more details about the Approved Applications page.

About the Situaional AwarenessApproved Applications Page

Item
Description
Baseline Toggle
Allows you to determine if you want to include the approved applications in the baseline. If you turn it off, the running of the corresponding application will be viewed as unexpected changes and relevant events will be generated.
Application
Displays the product name of the approved application stored in the baseline.
Size
Displays the size of the approved application.
SHA-1
Displays the SHA-1 file hash value of the approved application
SHA-256
Displays the SHA-256 file hash value of the approved application
path
Displays the file path to the approved application
Version
Displays the version of the approved application when it was added to the baseline
Added From
Displays the sources the approved applications are added from:
  • Learn mode: the approved applications have been detected and added to the baseline during Operations Behavior Anomaly Detection "Learn" mode.
  • Event action: the approved applications have been added to the baseline by StellarOne administrator manually from the agent events (by clicking the Add to Baseline action button). See Add to Baseline for more details.
    Note
    Note
    • If the approved applications are added during the "Learn" mode, the agent learns not only the applications but also the relevant behaviors; different application behaviors may be detected as anomalies.
    • If the approved applications are added from the event action "Add to Baseline", the applications will be viewed as "exceptions" and associated behavior changes will be treated as acceptable.
Time Added
Displays the time when the approved applications were added to the baseline.
Note
Note
TXOne Networks recommends switching back to Operations Behavior Anomaly Detection Learn mode before running the application updates.