Application Signatures

Open Source vs Commercial Signatures

Open Source vs Commercial

Netify's open-source signature list includes 200 application definitions, offering a transparent and collaborative approach for flow classification and cybersecurity directed toward enthusiasts and developers. It provides a solid foundation for understanding the bulk traffic traversing a network.

On the other hand, Netify's commercial application signature list goes even further with over 1600 applications, making it a robust choice for businesses and enterprises and OEM/edge gateway partners. This extensive list excels in detecting a wide range of threats and is designed to evolve with emerging cybersecurity challenges. Together, these offerings cater to both community-driven initiatives and the sophisticated needs of organizations seeking reliable DPI and classification solutions.

Access and License to Use

Anyone is permitted to use the Open Source application signature list. The signature list is packaged with all versions of the Netify agent and can be found in /etc/netifyd/netify-apps.conf.

The commercial application list is provided to any current Netify Informatics or Netify Data Feeds service subscriber.

In-Agent Updates

To access in-agent updates, check the main Netify configuration file, /etc/netifyd.conf. The API must be set to yes.

[netify-api]

# Enable/disable integration with Netify Informatics
enable = yes

API

This method is restricted to Netify clients who have been issued a Netify API Vendor key. Documentation to pull application signature updates from the Netify API can be found here.

Pushing a new netify-app.conf application signature to an endpoint requires a 'HUP' message to be sent to the agent to begin using it by running:
sudo systemctl reload netifyd

Continuous Updates

The application signature list is continuously being updated. It is recommended to check for updates as frequently as every day and at least every month.

Determining which Signature List is in Use

If you are unsure of which application signature list your Netify agent is using, there are a number of ways.

Signature File Header

Use the head command to display the header present at the top of the signature file:

head -15 /usr/share/netifyd/netify-apps.conf
# Netify Application Signatures
#
# Copyright 2024 eGloo Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#    http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

If you see reference to the Apache Version 2.0 License, you are using the Open Source Application Signature list. If you see references to proprietary licensing that does not permit the right to redistribute, you are using the commercial Application Signature list.

Netify Status Output

As a privileged user, run:

netifyd -s
Netify Agent/5.0.56-HEAD-2616-4bc869c2 (debian; linux-gnu; x86_64; conntrack; netlink; dns-cache; tpv3; tcmalloc; regex)
✓ agent is running: PID 18154
• agent timestamp: Thu Oct 24 12:23:33 2024
...
• apps: 199, domains: 3374, networks: 783, soft-dissectors: 26, transforms: 0

Look for a line listing the apps, domains, networks and other counters. If this output indicates less than 200 applications present (ex. apps: 199), this is an indication that you are using the Open Source Application list.

Next Steps

Technical Support

Haven't found the answers you're looking for?

Contact Us