Cisco Cisco FirePOWER Appliance 7030
42-21
FireSIGHT System User Guide
Chapter 42 Enhancing Network Discovery
Working with Application Detectors
Detector names must be unique within the protocol for the traffic you are inspecting. That is, you can
create a TCP detector and a UDP detector with the same name, but you cannot create two TCP detectors
with the same name.
create a TCP detector and a UDP detector with the same name, but you cannot create two TCP detectors
with the same name.
Step 2
Identify the application protocol you want to detect. You have the following options:
•
If you are creating a detector for an existing application protocol (for example, if you want to detect
a particular application protocol on a non-standard port), select the application protocol from the
a particular application protocol on a non-standard port), select the application protocol from the
Application Protocol
drop-down list. Continue with the procedure in
.
•
If you are creating a detector for a custom application, continue with the procedure in the next
section,
section,
Creating a User-Defined Application
License:
FireSIGHT
You can create a user-defined application to identify a custom application on your network. You can also
create custom categories and custom tags to describe the application. Applications, categories, and tags
created here are available in access control rules and in the application filter object manager as well.
create custom categories and custom tags to describe the application. Applications, categories, and tags
created here are available in access control rules and in the application filter object manager as well.
For more information on application detection, including a discussion of application protocols and the
categories, tags, risk levels, and business relevance used to describe them, see
categories, tags, risk levels, and business relevance used to describe them, see
To create a user-defined application:
Access:
Admin/Discovery Admin
Step 1
On the Create Detector page, click
Add
.
The Application Editor pop-up window appears.
Step 2
Type a
Name
for the custom application.
Step 3
Type a
Description
for the custom application.
Step 4
Select a
Business Relevance
.
Step 5
Select a
Risk
.
Step 6
Click
Add
next to Categories to add a category and type a new category name or select an existing
category from the
Categories
drop-down list.
Step 7
Optionally, click
Add
next to Tags to add a tag and type a new tag name or select an existing tag from the
Tags
drop-down list.
Click
OK
to return to the Create Detector page.
Step 8
Continue with the procedure in the next section,
.
Specifying Detection Criteria for Application Protocol Detectors
License:
FireSIGHT