<html>
<head>
<style><!--
.hmmessage P
{
margin:0px;
padding:0px
}
body.hmmessage
{
font-size: 12pt;
font-family:Calibri
}
--></style></head>
<body class='hmmessage'><div dir='ltr'>Hi Edison<div><br></div><div>You do not have to update the appMapping.data manually. Using the API, and a detector ID will be created automatically on your behalf. The API documentation can be found here:<a href="https://www.snort.org/downloads/openappid/1794" target="_blank">https://www.snort.org/downloads/openappid/1794</a>.</div><div><br></div><div>The basic idea is that you use the API to generate the AppId for you, and then depending on what you are attempting to detect (HTTP, TCP, etc..), you use the respective API calls. </div><div><br></div><div>Search Snort's blog for openappid, there will be a couple of presentations and videos. These were helpful in my case:</div><div><br></div><div><a href="http://blog.snort.org/2015/01/announced-at-rsa-snort-2.html" target="_blank">http://blog.snort.org/2015/01/announced-at-rsa-snort-2.html</a></div><div><a href="http://blog.snort.org/2014/10/derbycon-openappid-presentation.html" target="_blank">http://blog.snort.org/2014/10/derbycon-openappid-presentation.html</a></div><div><a href="http://blog.snort.org/2014/06/openappid-training-videos-how-to-create.html" target="_blank">http://blog.snort.org/2014/06/openappid-training-videos-how-to-create.html</a></div><div><br></div><div>Hope this helps.</div><div>YM<br><br><div><hr id="stopSpelling">Date: Wed, 27 May 2015 15:59:32 -0300<br>From: efjgrub@...8...<br>To: snort-openappid@lists.sourceforge.net<br>Subject: [Snort-openappid] New Detectors<br><br><div dir="ltr"><div style="padding:0px;color:rgb(68,68,68);font-family:'Segoe UI';font-size:14px;line-height:20px;"><span id="ecxouHighlight__0_2TO0_4" style="padding:0px;">Hello</span><span id="ecxnoHighlight_0.010069567710161209" style="padding:0px;">,</span></div><br style="padding:0px;color:rgb(68,68,68);font-family:'Segoe UI';font-size:14px;line-height:20px;"><div style="padding:0px;color:rgb(68,68,68);font-family:'Segoe UI';font-size:14px;line-height:20px;"><span id="ecxouHighlight__0_21TO0_17" style="padding:0px;">How can I get help</span><span id="ecxnoHighlight_0.43808625894598663" style="padding:0px;"> </span><span id="ecxouHighlight__23_26TO19_20" style="padding:0px;">to</span><span id="ecxnoHighlight_0.13652031286619604" style="padding:0px;"> </span><span id="ecxouHighlight__28_37TO22_31" style="padding:0px;">contribute</span><span id="ecxnoHighlight_0.8471937389113009" style="padding:0px;"> </span><span id="ecxouHighlight__39_47TO33_40" style="padding:0px;">with new</span><span id="ecxnoHighlight_0.3880476139020175" style="padding:0px;"> </span><span id="ecxouHighlight__49_57TO42_51" style="padding:0px;">detections</span><span id="ecxnoHighlight_0.1756396135315299" style="padding:0px;">?</span></div><br style="padding:0px;color:rgb(68,68,68);font-family:'Segoe UI';font-size:14px;line-height:20px;"><div style="padding:0px;color:rgb(68,68,68);font-family:'Segoe UI';font-size:14px;line-height:20px;"><span id="ecxouHighlight__0_9TO0_13" style="padding:0px;">After creating</span><span id="ecxnoHighlight_0.9993612298276275" style="padding:0px;"> </span><span id="ecxouHighlight__11_18TO15_19" style="padding:0px;">a new</span><span id="ecxnoHighlight_0.33918709866702557" style="padding:0px;"> d</span><span id="ecxouHighlight__20_28TO21_30" style="padding:0px;">etector ,</span><span id="ecxnoHighlight_0.5065043824724853" style="padding:0px;"> how to</span><span id="ecxnoHighlight_0.3185227927751839" style="padding:0px;"> </span><span id="ecxouHighlight__43_58TO43_54" style="padding:0px;">update the</span><span id="ecxnoHighlight_0.07558031473308802" style="padding:0px;"> </span><span id="ecxouHighlight__60_69TO56_65" style="padding:0px;">appMapping</span><span id="ecxouHighlight__70_74TO66_71" style="padding:0px;">.data</span><span id="ecxnoHighlight_0.6729159557726234" style="padding:0px;">?</span></div><br style="padding:0px;color:rgb(68,68,68);font-family:'Segoe UI';font-size:14px;line-height:20px;"><div style="padding:0px;color:rgb(68,68,68);font-family:'Segoe UI';font-size:14px;line-height:20px;"><span id="ecxouHighlight__0_8TO0_9" style="padding:0px;">Is there a</span><span id="ecxnoHighlight_0.27240645280107856" style="padding:0px;"> </span><span id="ecxouHighlight__10_22TO11_23" style="padding:0px;">document that</span><span id="ecxnoHighlight_0.5393356289714575" style="padding:0px;"> </span><span id="ecxouHighlight__24_39TO25_35" style="padding:0px;">I can study</span><span id="ecxnoHighlight_0.5491648328024894" style="padding:0px;">?</span></div><br style="padding:0px;color:rgb(68,68,68);font-family:'Segoe UI';font-size:14px;line-height:20px;"><div style="padding:0px;color:rgb(68,68,68);font-family:'Segoe UI';font-size:14px;line-height:20px;"><span id="ecxnoHighlight_0.6063842999283224" style="padding:0px;">Thank you</span></div><br style="padding:0px;color:rgb(68,68,68);font-family:'Segoe UI';font-size:14px;line-height:20px;"><div style="padding:0px;color:rgb(68,68,68);font-family:'Segoe UI';font-size:14px;line-height:20px;"><span id="ecxouHighlight__0_5TO0_5" style="padding:0px;">Edison</span></div></div>
<br>------------------------------------------------------------------------------<br>_______________________________________________
Snort-openappid mailing list
Snort-openappid@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/snort-openappid

Please visit http://blog.snort.org to stay current on all the latest Snort news!</div></div>                                          </div></body>
</html>