Signature APIs

Signature API

• Introduction
• Signature Types
• Authentication
• Endpoints
• Response Codes and Format
• Next Steps

Introduction

The Netify Agent includes built-in support for automatically updating signatures for applications, categories, and intelligence. If preferred, these signatures can also be managed through in-house orchestration tools or custom build systems.

The Signature API endpoints provide access to the latest application, intelligence, and category mapping files for the Netify DPI engine. Signatures are updated multiple times per week, so we recommend querying the API daily or weekly to ensure your deployment stays current. You can review a log of the most recent application signatures here.

Signature Types

The following signature types are used by the Netify DPI engine.

• Application signatures
• Intelligence signatures
• Category mappings for both application and protocols

The location of these signature files depend on the version of the Netify Agent. The following table provides the details.

Authentication

To access signatures, an API key must be passed in the x-api-key parameter in the request headers. Please contact us for details about acquiring an API key.

Parameters

Agent Version (required)

The Signature API endpoints require the agent version to provide the correct file format and signature patterns. Use the version parameter in your API request to provide this information.

To simplify orchestration of signatures across devices, signature files are compatible across major versions. For example, signatures for Netify 4.4.7 will load on older 4.2.x versions. In the API request, you can specify the full version (e.g. 4.2.5) or just the major number (e.g. 4) to fetch the optimum signatures for all version 4.x.x.

IP Version (optional)

By default, the signatures return both IPv4 and IPv6 IPs and network blocks. If you only need IPv4, set the ip_version parameter to 4 in the request. See example below.

Endpoints

# Version 5.0.62 Application Signatures, IPv4 only:
curl -H "x-api-key: {api_key}" \
    --get "https://agents.netify.ai/api/v2/integrator/signatures/applications" \
    --data "version=5.0.62" \
    --data "ip_version=4"

# Version 5.0.62 Category Signatures:
curl -H "x-api-key: {api_key}" \
    --get "https://agents.netify.ai/api/v2/integrator/signatures/categories" \
    --data "version=5.0.62"

Response Codes and Format

Standard HTTP response codes are sent by the API.

The response format is provided in the native format used by the requested version of the Netify Agent. The locations of the signature files are described above.

In addition, the HTTP response headers provide file hash information. The hash should match the raw file format of the downloaded file.

x-sha1-hash: 13e764d0dfe9450964c669a3807cef48193df24d
x-sha256-hash: 15cbc60164586d0d0dd39f6fd133722eef59955dac6b3bb3ffd47018cb892311

In the case of the categories, the hashes for both the categories data and the applications data are provided. These two hashes can be used to ensure that the categories and application signatures are from the same dataset.

x-sha1-applications-hash: 13e764d0dfe9450964c669a3807cef48193df24d
x-sha1-hash: bc54d5cb3c3d96f98c225501969feea0bdfca992
x-sha256-applications-hash: 15cbc60164586d0d0dd39f6fd133722eef59955dac6b3bb3ffd47018cb892311
x-sha256-hash: 966638446c6612b6b0ff0e997841ae537a41252e23ff544e68c1661e71115e8d

Next Steps

Informational API endpoints are provided for applications, protocols and their associated categories.

• Application APIs
• Protocol APIs