Signature Updates
Signature updates in Netify Agent v5 enable automatic synchronization of application, protocol, and intelligence classification definitions. These signatures are the core dataset that drives accurate Deep Packet Inspection (DPI) and application identification across your network.
Netify offers both open-source and commercial signature lists. The open-source list provides a base foundation, while the commercial list delivers extensive coverage of modern applications and emerging threats. This guide explains how to access and configure signature updates, the different methods available, and how to verify which signature set is active in your deployment.
Open Source vs Commercial Signatures
Netify's open-source signature list comprises 200 application definitions, providing a transparent and collaborative approach to flow classification and cybersecurity, tailored for enthusiasts and developers. It gives a solid foundation for understanding the bulk traffic traversing a network.
On the other hand, Netify's commercial application signature list extends even further, with over 2,500 applications, making it a robust choice for businesses, enterprises, and OEM/edge gateway partners. This extensive list excels in detecting a wide range of threats and is designed to evolve with emerging cybersecurity challenges. Together, these offerings cater to both community-driven initiatives and the sophisticated needs of organizations seeking reliable DPI and classification solutions.
Access and License to Use
Anyone is permitted to use the Open Source application signature list. The signature list is packaged with all versions of the Netify agent and can be found in /etc/netifyd/netify-apps.dat.
The commercial application list is provided to integrators and Netify Informatics subscribers.
In-Agent Updates
To access in-agent updates, check the main Netify profile file, /etc/netifyd/profiles.d/10-default.conf. In the [netify-api] section, enable must be set to yes.
[netify-api]
# Enable/disable integration with the Cloud API
enable = yes
Integrator API
This method is restricted to Netify clients who have been issued a Netify API Vendor key. Documentation to pull application signature updates from the Netify API can be found here.
After a new application signatures file is pushed to an endpoint, a 'HUP' message must be sent to the agent before it begins using the file. To send it, run:
sudo systemctl reload netifyd
Continuous Updates
The application signature list is continuously being updated. It is recommended to check for updates as frequently as every day if network intelligence is active, and at least every month for application signatures.
Determining which Signature List is in Use
If you are unsure of which application signature list your Netify agent is using, run:
$ netifyd -s
Netify Agent/5.0.56-HEAD-2616-4bc869c2 (debian; linux-gnu; x86_64; conntrack; netlink; dns-cache; tpv3; tcmalloc; regex)
✓ agent is running: PID 18154
• agent timestamp: Thu Oct 24 12:23:33 2024
...
• apps: 199, domains: 3374, networks: 783, soft-dissectors: 26, transforms: 0
Look for a line listing the apps, domains, networks and other counters. If this output indicates fewer than 200 applications (e.g., apps: 199), this is an indication that you are using the open source application list.
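The check described above can be scripted for fleet monitoring. The following is an added example, not code from Netify: the function names are hypothetical, the sample inputs are constructed from the snippets on this page, and the "over 2,500 means commercial" band is an assumption drawn from the page's figures (the page itself only states the "fewer than 200" rule).

```shell
#!/bin/sh
# Added example, not Netify code. Reads text on stdin so it can be tested offline.

# Print the integer that follows "apps:" in `netifyd -s` output.
apps_count() {
    awk 'match($0, /apps:[ \t]*[0-9]+/) {
        s = substr($0, RSTART, RLENGTH); gsub(/[^0-9]/, "", s); print s; exit
    }'
}

# Classify the active list. "<200 => open source" is the page's rule; the
# ">2500 => commercial" band is an assumption drawn from the page's figures.
classify_signatures() {
    count=$(apps_count)
    if [ -z "$count" ]; then
        echo unknown    # no counters line: agent stopped or output changed
        return 1
    fi
    if [ "$count" -lt 200 ]; then echo open-source
    elif [ "$count" -gt 2500 ]; then echo commercial
    else echo indeterminate
    fi
}

# Succeed only if the [netify-api] section of a profile sets enable = yes.
api_enabled() {
    awk '
        /^[ \t]*\[/ { in_sec = ($0 ~ /^[ \t]*\[netify-api\]/); next }
        in_sec && /^[ \t]*enable[ \t]*=/ {
            sub(/^[^=]*=[ \t]*/, ""); sub(/[ \t]*$/, ""); found = ($0 == "yes")
        }
        END { exit(found ? 0 : 1) }'
}

# Constructed samples, copied from the snippets shown on this page.
SAMPLE_STATUS='✓ agent is running: PID 18154
• apps: 199, domains: 3374, networks: 783, soft-dissectors: 26, transforms: 0'
SAMPLE_PROFILE='[netify-api]
# Enable/disable integration with the Cloud API
enable = yes'

# Live use on an endpoint:
#   netifyd -s | classify_signatures
#   api_enabled < /etc/netifyd/profiles.d/10-default.conf && echo "updates on"
```

An "unknown" result with a non-zero exit status means no counters line was found, which is worth alerting on separately from a low application count.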