Snort 3 Definitions and Terminologies for Network Analysis Policy

The following table lists the Snort 3 concepts and terms used in the Network Analysis Policy.


Inspectors

Inspectors are plugins that process packets (similar to the Snort 2 preprocessor).

Binder inspector

The binder inspector defines the conditions under which a particular inspector is applied to a flow.

Only when traffic matches the conditions defined in the binder inspector do the values and configuration of that inspector take effect.

For more information, see Binder Inspector in Custom Network Analysis Policy Creation for Snort 3.

Singleton inspectors

Singleton inspectors contain exactly one instance. Unlike multiton inspectors, they do not support adding more instances. The settings of a singleton inspector apply to all traffic that matches that inspector, not to a specific traffic segment.

For more information, see Singleton Inspectors in Custom Network Analysis Policy Creation for Snort 3.

Multiton inspectors

Multiton inspectors contain multiple instances which you can configure as needed. These inspectors support configuring settings based on specific conditions, such as network, port, and VLAN. One set of supported settings is called an instance.

For more information, see Multiton Inspectors in Custom Network Analysis Policy Creation for Snort 3.

Schema

The schema file is based on the OpenAPI JSON specification, and it validates the content that you upload or download. You can download the schema file and open it in any third-party JSON editor, such as Swagger Editor. The schema file helps you identify which parameters can be configured for each inspector, together with their allowed values, ranges, and accepted patterns.

For more information, see Customize the Network Analysis Policy.

Sample file

The sample file is a pre-existing template that contains example configurations to help you configure the inspectors.

You can refer to the example configurations included in the sample file and make any changes that you may require.

For more information, see Customize the Network Analysis Policy.

Full configuration

You can download the entire inspector configuration in a single file.

All information regarding the inspector configuration is available in this file.

The full configuration is a merged configuration of the default configuration (rolled out as a part of the LSP updates by Cisco Talos) and the custom NAP inspector configurations.

For more information, see Customize the Network Analysis Policy.

Overridden configuration

In the Snort 3 Version of the network analysis policy page:

  • Under Actions > Upload, you can click Overridden Configuration to upload the JSON file that contains the overridden configuration.

  • Under Actions > Download, you can click Overridden Configuration to download the inspector configuration that has been overridden.

    If you have not overridden any inspector configuration, this option is disabled. Once you override an inspector configuration, this option is enabled automatically so that you can download it.

For more information, see Customize the Network Analysis Policy.
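As an added example (not part of this page or of Cisco's own tooling), the following Python script checks an overridden configuration against a schema fragment before it is uploaded, in the way the Schema entry above describes: parameters the schema does not list, integers outside their range, values of the wrong type, and strings that fail the accepted pattern are all reported. The schema fragment, the inspector parameter names, and their limits are constructed assumptions, not the real NAP schema file.

```python
import json
import re

# Constructed schema fragment in the JSON Schema style that OpenAPI schema objects use.
# The inspector, parameter names and limits are assumptions, not the real NAP schema file.
INSPECTOR_SCHEMA = json.loads("""
{
  "http_inspect": {
    "properties": {
      "request_depth":  {"type": "integer", "minimum": -1, "maximum": 65535},
      "response_depth": {"type": "integer", "minimum": -1, "maximum": 65535},
      "normalize_utf":  {"type": "boolean"},
      "xff_headers":    {"type": "string", "pattern": "[a-z0-9_ -]*"}
    }
  }
}
""")

def check_override(override, schema=INSPECTOR_SCHEMA):
    """Return the problems found in an overridden configuration (empty list if clean)."""
    problems = []
    for inspector, data in override.items():
        spec = schema.get(inspector)
        if spec is None:
            problems.append(f"{inspector}: unknown inspector")
            continue
        for key, value in data.items():
            rule = spec["properties"].get(key)
            if rule is None:
                problems.append(f"{inspector}.{key}: not a configurable parameter")
                continue
            kind, lo, hi = rule["type"], rule.get("minimum"), rule.get("maximum")
            # bool is a subclass of int in Python, so reject it before the range check
            if kind == "integer" and (isinstance(value, bool) or not isinstance(value, int)):
                problems.append(f"{inspector}.{key}: expected integer, got {value!r}")
            elif kind == "integer" and ((lo is not None and value < lo) or (hi is not None and value > hi)):
                problems.append(f"{inspector}.{key}: {value} outside range [{lo}, {hi}]")
            elif kind == "boolean" and not isinstance(value, bool):
                problems.append(f"{inspector}.{key}: expected boolean, got {value!r}")
            elif kind == "string" and not isinstance(value, str):
                problems.append(f"{inspector}.{key}: expected string, got {value!r}")
            elif kind == "string" and "pattern" in rule and not re.fullmatch(rule["pattern"], value):
                problems.append(f"{inspector}.{key}: {value!r} does not match {rule['pattern']}")
    return problems

# Constructed overridden configuration with three mistakes a pre-upload check should catch:
# response_depth above the maximum, a string where a boolean is required, and an unknown parameter.
OVERRIDE = {"http_inspect": {"request_depth": 300, "response_depth": 70000,
                             "normalize_utf": "yes", "xff_headers": "x-forwarded-for",
                             "x_forwarded": "client-ip"}}
```

Running `check_override(OVERRIDE)` returns the three problem strings; an empty list means the override only uses parameters and values the schema fragment permits.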