Cisco Cisco FirePOWER Appliance 7115

Version 5.3

Sourcefire 3D System User Guide

1317

Introduction to Network Discovery

Understanding Discovery Data Collection

Chapter 32

session to identify the application from the session. There are two sources of

application detectors in the Sourcefire 3D System:

•

Sourcefire-provided detectors, which detect web applications, clients, and

application protocols
The availability of Sourcefire-provided detectors for applications (and

operating systems, see

Understanding Host Data Collection

on page 1305)

depend on the version of the Sourcefire 3D System and the version of the

VDB you have installed. Release notes and advisories contain information

on new and updated detectors. You can also import individual detectors

authored by Sourcefire Professional Services. For a complete list of

detected applications, see the

Sourcefire Support Site

•

user-defined application protocol detectors, which you can create to

enhance the system’s application protocol detection capabilities

You can also detect application protocols through implied application protocol

detection, which implies the existence of an application protocol based on the

detection of a client.
The system characterizes each application that it detects using the criteria

described in the following table. The system uses these characteristics to create

application filters, or groups of applications. You can use these filters and filters

that you create to perform access control, as well as to constrain searches,

reports, and dashboard widgets. For more information, see

Working with

Application Filters

on page 192.

Application Characteristics

RITERION

ESCRIPTION

XAMPLE

Risk

How likely the application is to be used for

purposes that might be against your

organization’s security policy. An

application’s risk can range from Very Low to

Very High.

Peer-to-peer applications tend

to have a very high risk.

Business Relevance

The likelihood that the application is used

within the context of your organization’s

business operations, as opposed to

recreationally. An application’s business

relevance can range from Very Low to Very

High.

Gaming applications tend to

have a very low business

relevance.