OpenAppID - Any plans for this package to be more easily managed by the WGUI?
I think this package is fantastic but I do not see how it's overly useful at the moment without first having to go find the appMapping.data file and then manually creating rules. Ideally I think there should be an easy way to review all of the detected apps from the GUI and also create alerts without having to use the custom rules option.
I'm also not seeing anything in the app-stats.log even after going to multiple websites listed in the OpenAppID data file. I went to Facebook, Twitter, etc and only saw mentions for dhcp and https as an appname.
This is a feature I've thought about but have not gotten around to actually implementing in code. It is on my long-range TODO list. If another Snort user on here feels like coding, I welcome submissions and so does the pfSense team.