You can use the “appid_detector_builder.sh” tool that comes with Snort’s tarball in the bin directory.
From: Snort-openappid <snort-openappid-bounces@
lists.snort.org> on behalf of Deivison Xavier via Snort-openappid <firstname.lastname@example.org. org>
Sent: Monday, April 23, 2018 9:36:04 PM
Subject: [Snort-openappid] OpenAppID custom detectorHello,
I am doing a college work on OpenAppID (Snort 18.104.22.168/Ubuntu16). I'm having trouble creating a detector for a third-party application. I read OpenDetectorDeveloperGuide3.0n (https://www.snort.org/
downloads/openappid/6328), but it was not clear how to customize a detector. Someone with knowledge about the subject?
Snort-openappid mailing list
Please visit http://blog.snort.org to stay current on all the latest Snort news!