Configuring Custom Application Detectors

You can configure basic or advanced custom application detectors.

Procedure


Step 1

Select Policies > Application Detectors.

Step 2

Click Create Custom Detector.

Step 3

Enter a Name and a Description.

Step 4

Choose an Application Protocol from the application drop-down list. You have the following options:

  • If you are creating a detector for an existing application protocol (for example, if you want to detect a particular application protocol on a non-standard port), select the application protocol from the drop-down list.

  • If you are creating a detector for a user-defined application, follow the procedure outlined in Creating a User-Defined Application.

Step 5

For Detector Type, click Basic or Advanced.

Step 6

Click OK.

Step 7

Configure Detection Patterns, Detection Criteria, or Encrypted Visibility Engine Process Assignments:

  • If you are configuring a basic detector, specify preset Detection Patterns as described in Specifying Detection Patterns in Basic Detectors.

  • If you are configuring an advanced detector, specify custom Detection Criteria as described in Specifying Detection Criteria in Advanced Detectors.

  • If you are configuring an encrypted visibility engine (EVE) detector, specify custom EVE process assignments as described in the Specifying EVE Process Assignments section in this chapter.

    Caution

    Advanced custom detectors are complex and require outside knowledge to construct valid .lua files. Incorrectly configured detectors could have a negative impact on performance or detection capability.

Step 8

Optionally, use Packet Captures to test the new detector as described in Testing a Custom Application Protocol Detector.

Step 9

Click Save.

Note

If you include the application in an access control rule, the detector is automatically activated and cannot be deactivated while in use.


What to do next