Skip to main content

 

 

Cisco Defense Orchestrator

Create and Edit a Firepower Application Filter Object

An application filter object allows you to target hand-picked applications or a group of applications identified by the filters. This application filter objects can be used in policies.

Create a Firepower Application Filter Object

To create an application filter object, follow this procedure:

  1. Click Objects to view the Objects page. 
  2. Click Create Object > FTD > Application Service.
  3. Enter an object name for the object and optionally, a description.
  4. Click Add Filter and select the applications and filters to add to the object.

The initial list shows applications in a continually scrolling list. Click Advanced Filter to see the filter options and to get an easier view for selecting applications. Click Add when you have made your selections. You can repeat the process to add additional applications or filters.

Note: Multiple selections within a single filter criteria have an OR relationship. For example, Risk is High OR Very High. The relationship between filters is AND, so Risk is High OR Very High, AND Business Relevance is Low OR Very Low. As you select filters, the list of applications in the display updates to show only those that meet the criteria. You can use these filters to help you find applications that you want to add individually, or to verify that you are selecting the desired filters to add to the rule.

application_filter_app.png

Risks: The likelihood that the application is used for purposes that might be against your organization's security policy, from very low to very high.

Business Relevance: The likelihood that the application is used within the context of your organization's business operations, as opposed to recreationally, from very low to very high.

Types: The type of application.

  • Application Protocol: Application protocols such as HTTP and SSH, which represent communications between hosts.
  • Client Protocol: Clients such as web browsers and email clients, which represent software running on the host.
  • Web Application: Web applications such as MPEG video and Facebook, which represent the content or requested URL for HTTP traffic.

Categories: A general classification for the application that describes its most essential function.

Tags: Additional information about the application, similar to category.

For encrypted traffic, the system can identify and filter traffic using only the applications tagged SSL Protocol. Applications without this tag can only be detected in unencrypted or decrypted traffic. Also, the system assigns the decrypted traffic tag to applications that the system can detect in decrypted traffic only, not encrypted or unencrypted.

Applications List (bottom of the display):  This list updates as you select filters from the options above the list, so you can see the applications that currently match the filter. Use this list to verify that your filter is targeting the desired applications when you intend to add filter criteria to the rule. To add a specific application or applications to your object, select them from the filtered list. Once you select the applications, the filter will no longer apply. If you want the filter itself to be the object, do not select an application from the list. Then the object will represent ever application identified by the filter. 

  1. Click OK to save your changes.

Edit a Firepower Application Filter Object

  1. Click the Objects tab to open the Objects page.
  2. Locate the object you want to edit by using object filters and search field.
  3. Select the object you want to edit.
  4. Click the edit icon edit.png in the Actions pane of the details panel.
  5. Edit the values in the dialog box in the same fashion that you created them in the procedures above. 
  6. Click Save.
  7. CDO displays the policies that will be affected by the change. Click Confirm to finalize the change to the object and any policy affected by it.

Related Topics