Solved: Re: Sourcefire IAB with Custom Application Detectors

Ryan G · ‎01-24-2018

Is it possible to create Intelligent Application Bypass rules that leverage custom application detectors? Is it possible to leverage access policy rules with custom application detectors?

When I attempt to do so, they do not show as available applications for selection.

I'm trying to detect a URL (and certificate common name) for a particular patch management system and intelligently bypass when elephant flows are rampant. Here is just the URL for now...

However, it does not show-up as an option in the access rule or IAB add:

Entirely possible I'm doing something wrong... new to the platform.

Thanks

-Ryan

mikael.lahtela · ‎01-30-2018

Hi,

Try creating a custom "Application Protocol" (Add) in the first picture, ~~haven't tried it but~~ looks like you can create a custom and it shows up in the application list in IAB.
I created one for URL and I got a hit in the event list with the custom application name.

Edit: Haven't found a way to delete the Application Protocol once it is created.

br, Micke

View solution in original post

mikael.lahtela · ‎01-30-2018

Hi,

Try creating a custom "Application Protocol" (Add) in the first picture, ~~haven't tried it but~~ looks like you can create a custom and it shows up in the application list in IAB.
I created one for URL and I got a hit in the event list with the custom application name.

Edit: Haven't found a way to delete the Application Protocol once it is created.

br, Micke

Ryan G · ‎02-01-2018

Thank you much.