Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1055
Views
0
Helpful
0
Replies

Custom application detector doesn't work (firepower)

lyutov_dv
Level 1
Level 1

‎10-13-2017 05:30 AM - edited ‎02-21-2020 06:29 AM

Hi,

 

I didn't find a detector for yum application (package installation software for CentOS). Firepower detect it as 'urlgrabber' application (i see it in firepower logs). I think it's because of UserAgent header for yum.

For my test invoroment it is urlgrabber/3.10 yum/3.4.3. 

 

'urlgrabber' applicattion works in Access Policy but it's not good and i decided to create a custom application detector based on UserAgent header.

 

I created custom an application detector 'yum-update' and pcap test for it was successful but when i use it in access rules, it doesn't work. In logs i see that firepower still detects the traffic as 'urlgrabber' application...

 

How to make my app detector work?

p.s. my app detector in the attachment  

 

 

1 person had this problem
Labels:
Preview file
40 KB
0 Helpful
0 Replies 0
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card