Specifying EVE Process Assignments

You can configure your own custom application detectors to map processes detected by the encrypted visibility engine (EVE) to new or existing applications.

Before you begin

Begin configuring your custom application protocol detector as described in Configuring Custom Application Detectors.

Procedure

Step 1

On the Create Detector page, in the Encrypted Visibility Engine Process Assignments section, click Add.

Step 2

Enter the Process Name and Minimum Process Confidence value.

Note

You can enter text in the Process Name field and this is case-sensitive. The value should match the exact process name detected by EVE. The Minimum Process Confidence can be any number from 0 to 100. This is the number displayed in the Encrypted Visibility Process Confidence Score field in Connection Events.

For information about the Encrypted Visibility Process Confidence Score field, see the section Connection and Security Intelligence Event Fields in the Cisco Firepower Management Center Administration Guide.

Step 3

Click Save.

Step 4

In the Application Detector listing page, activate the detector that you created. For more information, see Activating and Deactivating Detectors. When you activate the detector, the detector files are pushed to all the FTDs registered on the management center.

What to do next

Continue configuring your custom application protocol detector as described in Configuring Custom Application Detectors. You must save and activate the detector before the system can use it to analyze traffic.