Cisco Cisco FirePOWER Appliance 7020
FireSIGHT System User Guide
Chapter 42 Enhancing Network Discovery
Working with Application Detectors
The Detectors page appears.
Step 2
Click Create Detector.
The Create Detector page appears.
Step 3
Provide basic detector information, such as the detector name and description.
See
.
Step 4
Optionally, create a user-defined application for the detector.
See
Step 5
Provide detection criteria, including the protocol of traffic the detector should inspect and the port that
the traffic uses.
See
Step 6
Optionally, configure the detector to inspect traffic for matches to one or more patterns that occur in
traffic for that application protocol.
See
.
Step 7
Optionally, test the new detector against the contents of one or more PCAP files.
See
Step 8
Click Save.
The application protocol detector is saved.
Note
You must activate the detector before the system can use it to analyze application protocol
traffic. For more information, see
. Note that
if you include the application in an access control rule, the detector is automatically activated
and cannot be deactivated while in use.
Providing Basic Application Protocol Detector Information
License: FireSIGHT
You must give each user-defined application protocol detector a name, as well as identify the application
protocol you want to detect. Optionally, you can provide a brief description of the detector.
In addition to the information you provide, the Defense Center indicates whether the detector is active
or inactive, and whether the detector is a port or pattern detector. If a detector identifies application
protocol traffic by port and pattern, the FireSIGHT System considers it a pattern detector.
If you are editing an existing detector, the Defense Center also displays the detector’s author. If you
created a user-defined application protocol detector, you are the author. You are also the author for any
detector that you import or that you edit and save.
To provide basic application protocol detector information:
Access: Admin/Discovery Admin
Step 1
On the Create Detector page, in the Please enter a name field, type a name for the detector.