Configuring Application Signatures

At the libraries application-signature level it is possible to create and configure user custom application signatures.

To create a custom application signature, use the following command:

Admin@nodename# create libraries application-signature <parameters>

Provide the following parameters:

Parameter

Description

name

The name of the signature.

Cannot be modified for signatures created by UserGate.

description

Signature description.

Cannot be modified for signatures created by UserGate.

signature-id

Signature group ID.

Cannot be modified for signatures created by UserGate.

enabled

Signature state indicator.

  • on: enable

  • off: disable

categories

A signature category is a group of signatures that have common parameters. The list of categories can be extended.

  • Media streaming

  • Email

  • Coin Miners

  • TunnelingGames

  • Remote access

  • Conferencing

  • Trojan Horses

  • Business

  • Mobile

  • Proxies and anonymizers

  • Standard networks

  • VOIP

  • Web posting

  • Software update

  • File storage and backup

  • Web browsing

  • File sharing P2P

  • Instant messaging

  • Social networking

threat

Threat level defined by the signature. The following values are defined:

  • very-low

  • low

  • medium

  • high

  • very-high

technology

Application technology.

  • browser-based: browser-based web application

  • client-server: client-server application

  • network-protocol: network protocol

  • peer-to-peer: peer-to-peer application

type

Signature type:

  • app: application signature

  • proto: protocol signature

  • support: supplementary signature

uasl

Application signature description using UASL syntax.

To edit a previously created application signature, use the following command:

Admin@nodename# set libraries application-signature <application-signature-name> <parameters>

Parameters which could be updated are the same parameters which are available when creating a signature.

To view information on all application signatures, use the following command:

Admin@nodename# show libraries application-signature

To view information on a specific signature, use the following command:

Admin@nodename# show libraries application-signature <application-signature-name>

Example of creating an application signature:

Admin@nodename# create libraries application-signature name "Test app signature 2" description "Test app signature 2 description" categories [ "Web browsing" ] signature-id 2 technology browser-based threat low type app uasl "UASL(.dst_addr=192.168.10.1;)" Admin@nodename# show libraries application-signature "Test app signature 2" signature-id : 2 name : Test app signature 2 threat : low technology : browser-based categories : Web browsing uasl : UASL(.dst_addr=192.168.10.1;) owner : You type : custom description : Test app signature 2 description

To remove a previously created application signature, use the following command:

Admin@nodename# delete libraries application-signature <application-signature-name>