
    What is the difference between the two detectors

      techbee

      What is the difference between Snort OpenAppID detectors and Snort OpenAppID rules detectors?

        u3c307

        I don't think there is a difference; one enables OpenAppID and the other enables downloading the rules.

          bmeeks

          Two things are necessary for OpenAppID to function.  First, the OpenAppID preprocessor must be enabled within the Snort binary.  That happens when you check the OpenAppID Detector box on the PREPROCESSORS tab.  The second thing that has to happen is the preprocessor you just enabled needs some rules to know what apps to look for.  Those get downloaded from a third-party repository (currently hosted in Brazil I believe).  You enable the OpenAppID rules download on the GLOBAL SETTINGS tab.

          The Snort VRT folks don't publish their own set of OpenAppID rules.  You either have to write your own or find a third-party site.  A contributor volunteered last year to provide a package of common OpenAppID rules and to host them on a University web site.  That's the Brazil site (if I am remembering the location correctly).  The URL is hard-coded in the GUI code and was provided by the contributor.

          Bill
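
A check for the two requirements described in the answer above, as an added example that is not part of the original posts or the pfSense package: it assumes the preprocessor setting shows up as a Snort 2.9 `preprocessor appid:` line in the configuration and that OpenAppID rules carry the `appid:` rule option. The sample configuration, rules, paths and SIDs are constructed, and `openappid_status` is a hypothetical helper name.

```python
import re

# Constructed sample inputs (placeholders, not taken from a real install).
SAMPLE_CONF = """\
preprocessor frag3_global: max_frags 8192
# preprocessor appid: app_detector_dir /example/old
preprocessor appid: app_detector_dir /example/appid, memcap 256000000
"""
SAMPLE_RULES = """\
# alert tcp any any -> any any (msg:"disabled"; appid:dropbox; sid:1000001; rev:1;)
alert tcp any any -> any any (msg:"Facebook seen"; appid:facebook; sid:1000002; rev:1;)
alert tcp any any -> any any (msg:"No app match"; content:"abc"; sid:1000003; rev:1;)
"""

PREPROC_RE = re.compile(r"^\s*preprocessor\s+appid\s*:", re.IGNORECASE)
APPID_OPT_RE = re.compile(r"[(;]\s*appid\s*:\s*([^;]+);")
SID_RE = re.compile(r"[(;]\s*sid\s*:\s*(\d+)\s*;")

def active_lines(text):
    """Yield non-blank lines that are not commented out."""
    for line in text.splitlines():
        stripped = line.strip()
        if stripped and not stripped.startswith("#"):
            yield stripped

def openappid_status(conf_text, rules_text):
    """Report whether the preprocessor and at least one appid rule are both active."""
    preproc = any(PREPROC_RE.match(line) for line in active_lines(conf_text))
    rules = {}  # sid -> raw value of the appid option
    for line in active_lines(rules_text):
        opt, sid = APPID_OPT_RE.search(line), SID_RE.search(line)
        if opt and sid:
            rules[int(sid.group(1))] = opt.group(1).strip()
    if preproc and rules:
        verdict = "ok"
    elif preproc:
        verdict = "preprocessor enabled but no appid rules loaded"
    elif rules:
        verdict = "appid rules present but preprocessor not enabled"
    else:
        verdict = "OpenAppID not configured"
    return {"preprocessor": preproc, "rules": rules, "verdict": verdict}

if __name__ == "__main__":
    print(openappid_status(SAMPLE_CONF, SAMPLE_RULES))
```
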
