I'm using the FW-logs in order to transform the security policies from legacy services towards app-id.
ML logs are onto the system etc.
Analysing rules via: R-click / App-id adoption / retrieve app (slow-fast) works fine.
Fi. Apps Splunk, ms-kms are detected.
When I convert the rule using "App-ID reconciliation / recommended", the service is converted to the detected app-id as-is.
However application dependencies are not taken into account?
fi. Splunk depends on web-browing, sms-kms depends on msrpc-base. This is leading to non-working policies.
I'm using Expedition: 1.1.42 (VM) and 126.96.36.199 (Physical server) both have the same behavior, while I believe this used to work in previous versions?
Thanks a lot,
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!