What is a Filter and Why Are They Needed?

Two types of data are collected by Faddom - nodes (i.e. Servers) and connections. By default, Faddom will show all connections related to a specific server - this ensures that you don't miss anything. The Filters are a set of rules to enable the filtering out of anything that you do not want to see in the context of a specific application map, or groups of maps, to make it easier to understand. No filter is permanent and can be Deleted

These are the filters that can be accessed quickly and effortlessly from the Application Maps. These are accessed by right-clicking on the connection/server you wish to filter by and selecting one of the options.

For a server, you have Filter out which will remove the server itself from the particular map, and Filter outgoing which will remove all outgoing connections from the server while leaving the server in the map. When you create a filter that filters outgoing traffic for a server, that server will not be expanded if you later add another layer to the map.

For a connection, you can either click on Filter connection to remove the connection itself, or filter out the port will remove ALL connections on that port from the map.

You can filter multiple servers and/or connections at once by holding down the Ctrl button or by using the Area selection tool. Then right-click and use the Filter out or Filter outgoing buttons in the menu.

Once done you can save the results as the new baseline for the map so that all changes to that map from now on will be against the updated map. If you are filtering out from the edit mode (by clicking the edit map icon on the upper right hand side), the baseline will automatically be updated for you when you click on Save Map.

Advanced Filters provide more functionality and more customizability than the Basic Filters. They allow defining filters using wildcards and by adding them to a group, can be applied to multiple maps.

With the Advanced Filters, you have two options. A Connection filter allows you to filter out a connections, while a Server filter to filter out objects that Faddom has detected (e.g. servers, IP Groups, service dependencies etc.)

Each filter can be optionally added to a group. A group of filters can be applied to multiple maps (or all maps) to make it easy to manage. Then, each filter in the group can be enabled or disabled on a per map basis.

You can create a filter group in two ways, either by going to Settings > Discovery Filters or when creating/editing a map by selecting Edit filters.

To create a Filter Group, you need to provide a name and define the scope of which map/s it applies to. When creating the group from a map, This is set to the current map by default. For those created through the Discovery Filters, by default Multiple Maps is selected.

It is possible to create filters without the need to have an Application Map. When created, these filters need to be added to a group. To create filters this way, you do the following

When you create an Application Map, it will update overtime. Occasionally, you may see connections being added and removed in a repeated pattern, for example, a backup server. If this connection happens less than once every 24 hours (by default) then it will be removed.

If you would still like this server to appear in the map but don't want to be notified every time there is a change in the map, you can create an Ignore Filter. This can also be created when reviewing the map changes in the Change Summary and selecting Ignore on a Connection

It is possible to modify how a filter or group applies to your Application Maps. Including which group a filter or set of filters belongs to as well as deleting a filter or group from Faddom. This enables you to apply filters logically to ensure your Application Maps are fully optimised.

As a Filter can only belong to one group, there may be times when you need, to change its group membership. To do this, you select the filter/s you wish to move (selecting the group will select all filters in the group), then click Move to... and select the new group. Your filters will be amended and the relevant Application Maps will be updated accordingly.

Sometimes, you may wish to remove a filter or group entirely from Faddom. To do this, you select find the filter/group in the list, then click the Delete icon at the end of the and confirm the action. Your filters will be removed and the relevant Application Maps will be updated.

These are servers that Faddom has identified for potential exclusion from your maps, such as monitoring servers, antivirus systems, or domain controllers, which interact broadly across your environment. This ensures that you can easily filter out the noisiest servers easily.

These are default filters that the Faddom system has applied. These filters are applied to all Application Maps by default to help filter out connections that are not relevant for the majority of your maps. These include port 9545 for Faddom sensors, and NTP 137/138/139. These filters can be Deleted and other filters can be added to this group if desired.

Faddom has the ability to identify groups of external servers by the ASN that has been assigned to them. This allows Faddom to group sets of servers together regardless of IP address if you are using an external service, such as Azure AD where every time there is a connection it is a different IP address. If this has been done, you will see the icon below on the map.

Additionally, you can create a filter (Local or Global) to filter out ASN groups entirely. You do this by going to create a new filter, Edit the map, Select Local or Global Filter > Servers > ASN Group > Choose from the dropdown.

​

You can toggle this on and off on a per map basis through the Edit Map screen by going to Applied Filters > General and selecting/deselecting the Group Servers By ASN option.