OpenAppID update
-
Hello everyone,
Looking for some advice to improve the ability for PF to categorize applications.
OpenAppID is of course supported within Snort. There are pre-defined categories that come with the installation that have not been maintained for years. Example is social media. TIkTok is not there. Its trival to add the application but of course there has been so many social media apps identified over the years that are not part of the list.
I've been working on trying to update these categories and provide new ones but this is just a monumental task. Short of actually paying someone or a team to do this ive been thinking of trying to automate this. appid.cisco.com is the golden template to find apps, and categorizing them. Cisco does the hard part. I dont know if theres an API that perhaps can be hooked into a script and pull down the updated apps and using metadata put them in the categories.
Im open to suggestions. Maybe someone out there has a working configuration? This is really a "nextgen" feature that needs more support. -
This post is deleted!