Application Detector Fundamentals

The system uses application detectors to identify the commonly used applications on your network. Use the Detectors page (Policies > Application Detectors) to view the detector list and customize detection capability.

Whether you can modify a detector or change its state (active or inactive) depends on its type. The system uses only active detectors to analyze application traffic.

Note
Cisco-provided detectors may change with system and VDB updates. See the release notes and advisories for information on updated detectors.

Note
For Firepower application identification, ports are intentionally not listed. An application's associated ports are not reported for any of Cisco's applications because most of the applications are port-agnostic. The platform's detection capabilities can identify services running on any port in the network.

Cisco-Provided Internal Detectors

Internal detectors are a special category of detectors for client, web application, and application protocol traffic. Internal detectors are delivered with system updates and are always on.

If an application matches against internal detectors designed to detect client-related activity and no specific client detector exists, a generic client may be reported.

Cisco-Provided Client Detectors

Client detectors detect client traffic and are delivered via VDB or system update, or are provided for import by Cisco Professional Services. You can activate and deactivate client detectors. You can export a client detector only if you imported it.

Cisco-Provided Web Application Detectors

Web application detectors detect web applications in HTTP traffic payloads and are delivered via VDB or system update. Web application detectors are always on.

Cisco-Provided Application Protocol (Port) Detectors

Port-based application protocol detectors use well-known ports to identify network traffic. They are delivered via VDB or system update, or are provided for import by Cisco Professional Services. You can activate and deactivate application protocol detectors, and view a detector definition to use it as the basis for a custom detector.

Cisco-Provided Application Protocol (Firepower) Detectors

Firepower-based application protocol detectors analyze network traffic using Firepower application fingerprints and are delivered via VDB or system update. You can activate and deactivate application protocol detectors.

Custom Application Detectors

Custom application detectors are pattern-based. They detect patterns in packets from client, web application, or application protocol traffic. You have full control over imported and custom detectors.
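The difference between the port-based detectors and the pattern-based detectors described above, and why port-agnostic identification matters, can be seen in a small added example. It is not Cisco's detector format or implementation: the port table, the payload patterns, the function names, and the sample flows are all simplified assumptions constructed for illustration.

```python
import re

# Assumption: a tiny well-known-port table standing in for port-based detectors.
WELL_KNOWN_PORTS = {22: "SSH", 80: "HTTP", 443: "TLS"}

# Assumption: simplified patterns matched against the first payload of a flow,
# standing in for pattern-based detectors.
PAYLOAD_PATTERNS = [
    ("SSH", re.compile(rb"^SSH-\d\.\d+-")),                       # protocol banner
    ("HTTP", re.compile(rb"^(GET|POST|HEAD|PUT) \S+ HTTP/1\.[01]\r\n")),
    ("TLS", re.compile(rb"^\x16\x03[\x00-\x04]..\x01", re.DOTALL)),  # ClientHello
]

def detect_by_port(server_port):
    """Port-based guess: only as good as the assumption that the port is standard."""
    return WELL_KNOWN_PORTS.get(server_port)

def detect_by_pattern(payload):
    """Pattern-based guess: looks at the bytes, so the port does not matter."""
    for app, pattern in PAYLOAD_PATTERNS:
        if pattern.search(payload):
            return app
    return None

def classify(server_port, payload):
    """Return (port_guess, pattern_guess, mismatch).

    mismatch is True when the payload identifies an application that the
    port table alone would have missed or mislabelled.
    """
    by_port = detect_by_port(server_port)
    by_pattern = detect_by_pattern(payload)
    return by_port, by_pattern, by_pattern is not None and by_port != by_pattern

# Constructed sample flows: (server port, first payload bytes).
SSH_BANNER = b"SSH-2.0-OpenSSH_9.6\r\n"
HTTP_GET = b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n"
TLS_HELLO = b"\x16\x03\x01\x00\x05\x01\x00\x00\x01\x00"
SAMPLE_FLOWS = [(22, SSH_BANNER), (8080, SSH_BANNER), (443, HTTP_GET), (443, TLS_HELLO)]

if __name__ == "__main__":
    for port, payload in SAMPLE_FLOWS:
        print(port, classify(port, payload))
```

The second and third flows are the ones a port table gets wrong: SSH on port 8080 is not reported at all, and cleartext HTTP on port 443 is labelled TLS.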