Netify Signature API

Signature API

Introduction
Signature Types
Authentication
Endpoints
Response Codes and Format
Next Steps

Introduction

The Netify Agent includes built-in support for automatically updating signatures for applications, categories, and intelligence. If preferred, these signatures can also be managed through in-house orchestration tools or custom build systems.

The Signature API endpoints provide access to the latest application, intelligence, and category mapping files for the Netify DPI engine. Signatures are updated multiple times per week, so we recommend querying the API daily or weekly to ensure your deployment stays current. You can review a log of the most recent application signatures here.

Signature Types

The following signature types are used by the Netify DPI engine.

Application signatures
Intelligence signatures
Category mappings for both application and protocols

The location of these signature files depend on the version of the Netify Agent. The following table provides the details.

Version	Categories	Applications	Intelligence
v5.2.x	/etc/netifyd/netify-categories.dat	/etc/netifyd/netify-apps.dat	/etc/netifyd/netify-intel.dat
v5.0.x	/etc/netifyd/netify-categories.json	/etc/netifyd/netify-apps.conf	-
v4.x	/etc/netify.d/netify-categories.json	/etc/netify.d/netify-apps.conf	-

Authentication

To access signatures, an API key must be passed in the x-api-key parameter in the request headers. Please contact us for details about acquiring an API key.

Parameters

Agent Version (required)

The Signature API endpoints require the agent version to provide the correct file format and signature patterns. Use the version parameter in your API request to provide this information.

To simplify orchestration of signatures across devices, signature files are compatible across major versions. For example, signatures for Netify 4.4.7 will load on older 4.2.x versions. In the API request, you can specify the full version (e.g. 4.2.5) or just the major number (e.g. 4) to fetch the optimum signatures for all version 4.x.x.

IP Version (optional)

By default, the signatures return both IPv4 and IPv6 IPs and network blocks. If you only need IPv4, set the ip_version parameter to 4 in the request. See example below.

Endpoints

Signature	API Endpoint
Categories	https://agents.netify.ai/api/v2/integrator/signatures/categories
Applications	https://agents.netify.ai/api/v2/integrator/signatures/applications
Intelligence	https://agents.netify.ai/api/v2/integrator/signatures/intelligence (Version 5.2+ only)

# Version 5.0.62 Application Signatures, IPv4 only:
curl -H "x-api-key: {api_key}" \
    --get "https://agents.netify.ai/api/v2/integrator/signatures/applications" \
    --data "version=5.0.62" \
    --data "ip_version=4"

# Version 5.0.62 Category Signatures:
curl -H "x-api-key: {api_key}" \
    --get "https://agents.netify.ai/api/v2/integrator/signatures/categories" \
    --data "version=5.0.62"

Response Codes and Format

Standard HTTP response codes are sent by the API.

Code	Response	Description
200	OK	Request was successful
400	Bad Request	The client request was invalid
401	Unauthorized	The API key or credentials were invalid
403	Forbidden	The API key or credentials were valid, but access was not permitted
404	Not Found	The resource was not found
405	Method Not Allowed	The method is not supported by the API
409	Conflict	Resource already exists
422	Validation Error	Parameters sent in the request were invalid
429	Too Many Requests	Too many requests were sent to the server
500	Server Error	Server-side error (rare)

The response format is provided in the native format used by the requested version of the Netify Agent. The locations of the signature files are described above.

In addition, the HTTP response headers provide file hash information. The hash should match the raw file format of the downloaded file.

x-sha1-hash: 13e764d0dfe9450964c669a3807cef48193df24d
x-sha256-hash: 15cbc60164586d0d0dd39f6fd133722eef59955dac6b3bb3ffd47018cb892311

In the case of the categories, the hashes for both the categories data and the applications data are provided. These two hashes can be used to ensure that the categories and application signatures are from the same dataset.

x-sha1-applications-hash: 13e764d0dfe9450964c669a3807cef48193df24d
x-sha1-hash: bc54d5cb3c3d96f98c225501969feea0bdfca992
x-sha256-applications-hash: 15cbc60164586d0d0dd39f6fd133722eef59955dac6b3bb3ffd47018cb892311
x-sha256-hash: 966638446c6612b6b0ff0e997841ae537a41252e23ff544e68c1661e71115e8d

Next Steps

Informational API endpoints are provided for applications, protocols and their associated categories.

Technical Support

Haven't found the answers you're looking for?

Signature APIs