FAQ
How to arbitrate between applications when an IP has identified multiple applications?
In network management, identifying applications based on their IP adresses is a fundamental practice. However with the proliferation of cloud services, content delivery, network CDN), and virtualised environment, multiple applications often share the same IP address. This overlap create challenges for accurate applications identification, making IP based traffic less reliable.
What can you do?
Here's how you can approach this situation.
Block: If one or more applications linked to the IP are undesirable or suspicious, you can choose to block them entirely.
Prioritize: If one of the applications is more critical to your organization’s workflow or security, you can prioritize it while deprioritizing or blocking the others.
How to choose?
When arbitrating between multiple applications, it is recommended to always prioritize based on the destination. The destination typically provides a clearer indication of the intent behind the connection, and prioritizing by destination can help ensure that legitimate business-critical applications are allowed through, while minimizing risks associated with less important or potentially harmful traffic.
For instance, if one application is associated with a recognized corporate service and another with a general internet site, it may be better to privilege the corporate service for continuity and security reasons.
Potential for Error
Keep in mind that misjudging the correct application or destination can happen, it also can lead to unintended consequences. For example, blocking a crucial application could disrupt business operations, while prioritizing a less important or risky application might expose your network to vulnerabilities.
I get categorization results for 127.0.0.1 or 192.168.0.1 or other local IPs, is this normal?
Yep. This can happen as some apps include these IPs for internal purposes. If this doesn't make sense in your use case, please consider implementing voiding of such requests upstream.
I can't get to use some endpoints despite having valid credentials and remaining credits?
Please note that our service has different permission levels. Depending on your subscription details, you might not be allowed to use some ressouces and the API endpoints or SDK methods might therefore return 403 responses or partial data.
Permissions | Usage | |
|---|---|---|
| Include URL/domains data in categorizations results through the API using the | |
| Include SaaS apps data in categorizations results through the API using the | |
| Usage of the | |
| Include URL/domains data in categorizations results through the SDK using the | |
| Include SaaS apps data in categorizations results through the SDK using the | |
| Usage of the |
You can get your permissions info through the GetLicenceInfo endpoint of the Authentication API.
Please get in touch with our sales team if you have any questions regarding your licence and associated permissions.
How do categorization credits work?
Categorization credits are essential for controlling the number of categorization requests allowed under your client's license. Below are the specific details of how they function:
What are categorization credits?
Categorization credits represent the number of categorizations allowed based on your license. Each time the API successfully returns a categorization result for a URL or IP, one credit is deducted.
When are categorization credits consumed?
Credits are deducted when the API returns a valid categorization through the following endpoints:
GetCategoryGetSimpleCategoryBulkCategory- in this case, as much credits will be consumed as you have included URLs or IPs in your request.
The other endpoints do not consume categorization credits.
Are categorization credits consumed for every request?
No, credits are only consumed for valid categorization results from the above endpoints. Other API requests and endpoints do not use credits.
What happens if a request fails?
If a request results in an error or an invalid categorization, no credits are deducted.
How can I monitor my remaining categorization credits?
You can check your remaining credits for the day via the property credits_per_day, accessible via the endpoint GetLicenceInfo of the Authenticate API .
When do categorization credits refresh?
Your credits are refreshed daily and reset according to the UTC+0 timezone. This ensures you have a fresh set of credits available every day based on your licensing agreement.
How do I use applications logos?
What are application logos?
Application logos are small image files representing the SaaS applications' logo. Here are some key points about them:
Source: logos are manually collected from the application's website or documentation.
Standardization: there is no standardized quality for these images.
Format: images are converted to PNG format and resized to a transparent 64x64px format.
Size: on average, each logo file is approximately 2 KB.
Who has access to application logos?
Access to application logos is determined by specific permissions:
For SDK: the permission update-logo-data is required.
For API: the permission query-logo-data is required.
Permission Changes: If a client’s permissions are modified, the database must be restarted to reflect the changes.
How are logos stored?
Logos are kept updated alongside all other data during the execution of the Updater.
The Updater ensures that the latest logo data is available in the system.
How to use application logos?
We provide a service to access and update SaaS application logos stored locally. Here’s how you can use the logos:
Obtain a Logo ID: use the
GetApplicationInfomethod to retrieve the logo_id associated with an application.Retrieve Logo Data via SDK: use the method
GetLogoDatawithin the SDK to fetch the logo data.Retrieve Logo Data via API:
- REST API: use the endpoint
GetLogoDatato obtain the logo_data. The image will be encoded in Base64 format for transmission.- gRPC API: use the endpoint
GetLogoDatato directly fetch the logo data.