Creating a User-Defined Application

Applications, categories, and tags created here are available in access control rules and in the application filter object manager as well.

Caution

Creating a user-defined application immediately restarts the Snort process without going through the deploy process. The system warns you that continuing restarts the Snort process and allows you to cancel; the restart occurs on any managed device in the current domain or in any of its child domains. Whether traffic drops during this interruption or passes without further inspection depends on how the target device handles traffic. See Snort Restart Traffic Behavior for more information.

Before you begin

Begin configuring your custom application protocol detector as described in Configuring Custom Application Detectors.

Procedure

Step 1	On the Create A Custom Application Detector dialog box, click Add () next to the Application field.
Step 2	Type a Name.
Step 3	Type a Description.
Step 4	Select a Business Relevance.
Step 5	Select a Risk.
Step 6	Click Add next to Categories to add a category and type a new category name, or select an existing category from the Categories drop-down list.
Step 7	Optionally, click Add next to Tags to add a tag and type a new tag name, or select an existing tag from the Tags drop-down list.
Step 8	Click OK.

What to do next

Continue configuring your custom application protocol detector as described in Configuring Custom Application Detectors. You must save and activate the detector before the system can use it to analyze traffic.