alexnogard
New Member
May 11, 2016
Question

How to find Application category list


Hello guys,

 

I'm currently creating custom application signatures. Application category looks to be mandatory.

I'm looking on KB / Internet but I cannot find a table of correspondence between app_cat number & category ..

 

I just know app_cat 15 corresponds to Network service ..  :D

 

Do you have it / know where I can find it?

 

Thank you in advance,

Regards

    2 replies

    ede_pfau
    SuperUser
    May 11, 2016

    ha! done that this morning

    config application list
        edit "default"
                config entries
                    edit 1
                        set category  // hit '?' here!
    yields on v4.3.18

    ID           Select Category ID
    1            IM
    2            P2P
    3            VoIP
    5            Media
    6            Proxy
    7            Remote.Access
    8            Game
    12           Web
    15           Network.Service
    16           Business
    17           Update
    19           Botnet
    21           Email
    22           Storage.Backup
    23           Social.Networking
    24           Reserved.For.Future.Use

    and on v5.2.3 this:

    ID           Select Category ID
    1            IM
    2            P2P
    3            VoIP
    5            Video/Audio
    6            Proxy
    7            Remote.Access
    8            Game
    12           General.Interest
    15           Network.Service
    17           Update
    19           Botnet
    21           Email
    22           Storage.Backup
    23           Social.Media
    24           File.Sharing
    25           Web.Others
    26           Industrial
    27           Special
    28           Collaboration
    29           Business
    30           Cloud.IT
    31           Mobile

    CrisP
    New Member
    June 7, 2016

    Hello Alex,

    If your FAZ runs on something prior to 5.4, do this from time to time (or when you see that Fortiguard has updated app signatures):

    FAZ-3000E_BIS_1 # exec shell
    sh-4.3# su - postgres
    [FAZ-3000E_BIS_1/]$
    [FAZ-3000E_BIS_1/]$
    [FAZ-3000E_BIS_1/]$
    [FAZ-3000E_BIS_1/]$ psql
    psql (9.3.4)
    Type "help" for help.

    postgres=#
    postgres=# help
    You are using psql, the command-line interface to PostgreSQL.
    Type:  \copyright for distribution terms
           \h for help with SQL commands
           \? for help with psql commands
           \g or terminate with semicolon to execute query
           \q to quit
    postgres=# ?
    postgres-# \d
                                    List of relations
     Schema |                       Name                        |   Type   |  Owner
    --------+---------------------------------------------------+----------+----------
     public | FAZADOM3-ALLELSE-elog-0-0                         | table    | postgres
     public | FGTADOM413-ALLELSE-elog-1465234740-0              | table    | postgres
     public | FGTADOM468-tlog-1462684830                        | table    | postgres
     public | FMGADOM116-elog-1465221240                        | table    | postgres
    .............
     public | alert_logs                                        | table    | postgres
     public | alert_logs_seq_num_seq                            | sequence | postgres
     public | alerts                                            | table    | postgres
     public | app_mdata                                         | table    | postgres
     public | ips_mdata                                         | table    | postgres
     public | log_tablst                                        | table    | postgres
     public | maltarg                                           | table    | postgres
     public | table_ref                                         | table    | postgres
     public | table_ref_tbl_id_seq                              | sequence | postgres
     public | vacuum_tablst                                     | table    | postgres
    (16215 rows)

    postgres-#
    postgres-#
    postgres-#
    postgres-# select * from app_mdata;
      id   |                          name                           |     app_cat      | app_cat_id |    vendor    |           technology           |              behavior              |     d_behavior      | d_risk
    -------+---------------------------------------------------------+------------------+------------+--------------+--------------------------------+------------------------------------+---------------------+--------
     17179 | Wikipedia                                               | Business         | 29         | Other        | Browser-Based                  |                                    |                     |      0
     20806 | Puff                                                    | Proxy            | 6          | Other        | Client-Server                  | Evasive                            | Evasive             |      2
     16554 | 126.Mail                                                | Email            | 21         | Netease      | Browser-Based                  |                                    |                     |      0
     29867 | Cienradios                                              | Video/Audio      | 5          | Other        | Browser-Based                  | Excessive-Bandwidth                | Excessive-Bandwidth |      1
     32975 | ELCOM_Data.Request                                      | Industrial       | 26         | Other        | Network-Protocol               |                                    |                     |      0
    ... etc.

     

    Best regards

    Cris

    AlexFeren
    New Member
    November 22, 2019

    hostname (global) # get application name status | grep -B3 -A13 "cat-id: 15"

    app-name: "3PC"
    id: 16284
    category: "Network.Service"
    cat-id: 15
    sub-category: "(null)"
    sub-cat-id: 0
    parameter:  
    popularity: 2.high
    risk: 2.high
    weight: 1
    shaping: 0
    protocol: 0.Other
    vendor: 0.Other
    technology: 0.Network-Protocol
    behavior:
    language: N/A
    require_ssl_di: No
    --
    :

     

    --
    app-name: "swIPe"
    id: 16315
    category: "Network.Service"
    cat-id: 15
    sub-category: "(null)"
    sub-cat-id: 0
    parameter:  
    popularity: 2.high
    risk: 2.high
    weight: 1
    shaping: 0
    protocol: 0.Other
    vendor: 0.Other
    technology: 0.Network-Protocol
    behavior:
    language: N/A
    require_ssl_di: No
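
Added example, not part of any of the posts above: a small Python parser that turns saved `get application name status` output (the `key: value` record format shown in the last reply) into a cat-id to category table with the applications in each category. The sample input is constructed from the two records quoted above plus one placeholder record; `parse_records` and `category_table` are names chosen here.

```python
import re
from collections import defaultdict

# Constructed input: trimmed copies of the two records from the post above plus
# one made-up record (placeholder name) so that a second category appears.
SAMPLE = """\
app-name: "3PC"
id: 16284
category: "Network.Service"
cat-id: 15
--
:
--
app-name: "swIPe"
category: "Network.Service"
cat-id: 15
--
app-name: "Example.App"
category: "Proxy"
cat-id: 6
"""
FIELD = re.compile(r"^\s*([A-Za-z_-]+):\s*(.*?)\s*$")

def parse_records(text):
    """Split the CLI output into one dict per application record."""
    records = []
    for line in text.splitlines():
        m = FIELD.match(line)
        if not m:
            continue  # grep "--" separators, blank lines, lone ":" lines
        key, value = m.group(1), m.group(2).strip('"')
        if key == "app-name" or not records:
            records.append({})  # "app-name" opens a new record
        records[-1][key] = value
    return records

def category_table(records):
    """Return {cat-id: (category, sorted app names)}; skip incomplete records."""
    apps, names = defaultdict(list), {}
    for rec in records:
        if not rec.get("cat-id", "").isdigit() or "category" not in rec:
            continue
        cid = int(rec["cat-id"])
        names[cid] = rec["category"]
        apps[cid].append(rec.get("app-name", "?"))
    return {cid: (names[cid], sorted(apps[cid])) for cid in sorted(names)}

if __name__ == "__main__":
    for cid, (cat, apps) in category_table(parse_records(SAMPLE)).items():
        print(f"{cid:>3}  {cat:<20} {', '.join(apps)}")
```

Running the unfiltered command output through it gives the full category list for the firmware version in use, which is useful because the IDs and names differ between versions, as the two tables earlier in the thread show.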