Description(Revising this post for a v3 of the bundle.) Key change for v3 is to make trigger code more readable and make an effort to update to 3.10 trigger best practices. Recommended for firmware 3.10 or later.
Quick Start Instructions
Download, import and apply the contents of the bundle. Edit the first line of the request trigger to enable version number tracking, when desired. Associate the imported trigger with a web server (or group of web servers) of interest. When the "User Agents" application appears after a few minutes, associate the three imported custom pages with the application. Explore!
- Download the bundle from the link above.
- In the ExtraHop appliance UI, login and navigate to Settings, Bundles, and then upload the bundle.
- Change the dropdown from Skip to Overwrite. Click Apply and then click OK.
- To enable version number analysis, set the following variable to true in the User Agent trigger var extractVersions = true
- Navigate to the device(s) or user-defined device group(s) corresponding to the HTTP server(s) for which you want to have user agent analysis performed. Click the link to the device information page.
Click to the Triggers tab and assign the User Agent Analysis trigger to the HTTP Server device(s) or device group(s).
Wait a few minutes. If and when user-agent strings start matching in the trigger, a User Agents v3 application will appear. Navigate to the Application tab and then click the User Agents v3 application.
Click the Application: User Agents v3 link at the top of the main panel to go to the application information page.
Associate the three User Agent... custom pages (loaded as part of the bundle) with the User Agents v3 application.
Navigate to the custom pages and begin exploring.