[Snort-openappid] custom appid detector for a browser

Mark Brereton brerem at ...135...
Fri Jun 10 04:48:52 EDT 2016


I recently created a custom detector for a browser using the appid_detector_builder.sh script. Once I enable the detector, it is detected within the appstats but doesn't work if I add it to a custom rule. As a control, I created similar rules using standard detectors, like the Chrome browser, and these work fine with both stats and within rules. Are custom detectors only intended for use with appstats, or is there something I have overlooked? Is it correct that the appMapping.data file is only intended for use with standard detectors?
 
 



