Cisco Firepower Management Center 4000

FireSIGHT System User Guide
 
Chapter 42 Enhancing Network Discovery
Working with Application Detectors
The Detectors page appears.
Step 2
Click Create Detector.
The Create Detector page appears.
Step 3
Provide basic detector information, such as the detector name and description.
See 
.
Step 4
Optionally, create a user-defined application for the detector.
See 
Step 5
Provide detection criteria, including the protocol of traffic the detector should inspect and the port that the traffic uses.
See 
Step 6
Optionally, configure the detector to inspect traffic for matches to one or more patterns that occur in traffic for that application protocol.
See 
.
Step 7
Optionally, test the new detector against the contents of one or more PCAP files.
See 
Step 8
Click Save.
The application protocol detector is saved.
Note
You must activate the detector before the system can use it to analyze application protocol 
traffic. For more information, see 
. Note that 
if you include the application in an access control rule, the detector is automatically activated 
and cannot be deactivated while in use.
Providing Basic Application Protocol Detector Information
License: FireSIGHT
You must give each user-defined application protocol detector a name, as well as identify the application 
protocol you want to detect. Optionally, you can provide a brief description of the detector.
In addition to the information you provide, the Defense Center indicates whether the detector is active 
or inactive, and whether the detector is a port or pattern detector. If a detector identifies application 
protocol traffic by port and pattern, the FireSIGHT System considers it a pattern detector.
If you are editing an existing detector, the Defense Center also displays the detector’s author. If you 
created a user-defined application protocol detector, you are the author. You are also the author for any 
detector that you import or that you edit and save.
To provide basic application protocol detector information:
Access: Admin/Discovery Admin
Step 1
On the Create Detector page, in the Please enter a name field, type a name for the detector.