Application Signatures
- Open Source vs Commercial Signatures
- Access and License to Use
- Continuous Updates
- Determining which Signature List is in Use
- Applications
- Next Steps
Open Source vs Commercial Signatures
Netify's open-source signature list comprises 200 application definitions, providing a transparent and collaborative approach to flow classification and cybersecurity, tailored for enthusiasts and developers. It gives a solid foundation for understanding the bulk traffic traversing a network.
On the other hand, Netify's commercial application signature list extends even further, with over 2,300 applications, making it a robust choice for businesses, enterprises, and OEM/edge gateway partners. This extensive list excels in detecting a wide range of threats and is designed to evolve with emerging cybersecurity challenges. Together, these offerings cater to both community-driven initiatives and the sophisticated needs of organizations seeking reliable DPI and classification solutions.
Access and License to Use
Anyone is permitted to use the Open Source application signature list. The signature list is packaged with all versions of the Netify agent and can be found in /etc/netifyd/netify-apps.conf.
The commercial application list is provided to integrators and Netify Informatics subscribers.
In-Agent Updates
To access in-agent updates, check the main Netify configuration file, /etc/netifyd.conf. The API must be set to yes.
[netify-api]
# Enable/disable integration with Netify Informatics
enable = yesIntegrator API
This method is restricted to Netify clients who have been issued a Netify API Vendor key. Documentation to pull application signature updates from the Netify API can be found here.
sudo systemctl reload netifydContinuous Updates
The application signature list is continuously being updated. It is recommended to check for updates as frequently as every day and at least every month.
Determining which Signature List is in Use
If you are unsure of which application signature list your Netify agent is using, there are a number of ways.
Signature File Header
Use the head command to display the header present at the top of the signature file:
head -15 /usr/share/netifyd/netify-apps.conf
# Netify Application Signatures
#
# Copyright 2024 eGloo Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.If you see reference to the Apache Version 2.0 License, you are using the Open Source Application Signature list. If you see references to proprietary licensing that does not permit the right to redistribute, you are using the commercial Application Signature list.
Netify Status Output
As a privileged user, run:
netifyd -s
Netify Agent/5.0.56-HEAD-2616-4bc869c2 (debian; linux-gnu; x86_64; conntrack; netlink; dns-cache; tpv3; tcmalloc; regex)
✓ agent is running: PID 18154
• agent timestamp: Thu Oct 24 12:23:33 2024
...
• apps: 199, domains: 3374, networks: 783, soft-dissectors: 26, transforms: 0Look for a line listing the apps, domains, networks and other counters. If this output indicates less than 200 applications present (ex. apps: 199), this is an indication that you are using the Open Source Application list.
Application
Application signature list contains a list of all applications Netify is tracking. If you are using the Open Source version, it will contain exactly 200 of the top applications we see, by usage. For the commercial list, you will see a much larger list - over 2,300 at the time of writing.
One way to get a view of the applications Netify is using is to run:
netifyd --dump-apps