[Snort-openappid] custom appid detector for a browser

Costas Kleopa (ckleopa) ckleopa at ...5...
Mon Jun 13 15:41:08 EDT 2016


Could you give us some more information on what custom rule you have used for that?
Custom detectors should also work with custom rules.
What Snort version are you using?

Thanks
Costas

> On Jun 10, 2016, at 4:48 AM, Mark Brereton <brerem at ...135...> wrote:
> 
> 
> I recently created a custom detector for a browser using the appid_detector_builder.sh script. Once I enable the detector, it is detected within the appstats but doesn't work if I add it to a custom rule. As a control, I created similar rules using standard detectors, like the Chrome browser, and these work fine with both stats and within rules. Are custom detectors only intended for use with appstats, or is there something I have overlooked? Is it correct that the appMapping.data file is only intended for use with standard detectors?