alexnogard
New Contributor

How to find Application category list

Hello guys,

I'm currently creating custom applications signatures. Application category looks to be mandatory.

I'm looking on KB / Internet but I cannot find a table of correspondence between app_cat number & category...

I just know app_cat 15 corresponds to Network service... :D

Do you have it / know where I can find it?

Thank you in advance,

Regards

ede_pfau
SuperUser

ha! done that this morning

config application list
    edit "default"
        config entries
            edit 1
                set category  // hit '?' here!

yields on v4.3.18

ID           Select Category ID
1            IM
2            P2P
3            VoIP
5            Media
6            Proxy
7            Remote.Access
8            Game
12           Web
15           Network.Service
16           Business
17           Update
19           Botnet
21           Email
22           Storage.Backup
23           Social.Networking
24           Reserved.For.Future.Use

and on v5.2.3 this:

ID           Select Category ID
1            IM
2            P2P
3            VoIP
5            Video/Audio
6            Proxy
7            Remote.Access
8            Game
12           General.Interest
15           Network.Service
17           Update
19           Botnet
21           Email
22           Storage.Backup
23           Social.Media
24           File.Sharing
25           Web.Others
26           Industrial
27           Special
28           Collaboration
29           Business
30           Cloud.IT
31           Mobile

Ede Kernel panic: Aiee, killing interrupt handler!
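The two listings above are not identical, so it is worth checking the category IDs a configuration uses against the listing for the target version. An added example (not part of the original post) that diffs the two tables as transcribed from the post, several rows per line; the function names are illustrative.

```python
# Category listings transcribed from the post above (several rows per line).
V4_3_18 = """
1 IM  2 P2P  3 VoIP  5 Media  6 Proxy  7 Remote.Access  8 Game  12 Web
15 Network.Service  16 Business  17 Update  19 Botnet  21 Email
22 Storage.Backup  23 Social.Networking  24 Reserved.For.Future.Use
"""
V5_2_3 = """
1 IM  2 P2P  3 VoIP  5 Video/Audio  6 Proxy  7 Remote.Access  8 Game
12 General.Interest  15 Network.Service  17 Update  19 Botnet  21 Email
22 Storage.Backup  23 Social.Media  24 File.Sharing  25 Web.Others
26 Industrial  27 Special  28 Collaboration  29 Business  30 Cloud.IT  31 Mobile
"""

def parse_listing(text):
    """Turn 'ID Name ID Name ...' tokens into {id: name}."""
    tokens = text.split()
    return {int(i): name for i, name in zip(tokens[::2], tokens[1::2])}

def diff_categories(old, new):
    """Compare two {id: name} tables from different firmware versions."""
    common = sorted(old.keys() & new.keys())
    return {
        "changed": {i: (old[i], new[i]) for i in common if old[i] != new[i]},
        "removed": {i: old[i] for i in sorted(old.keys() - new.keys())},
        "added": {i: new[i] for i in sorted(new.keys() - old.keys())},
        # same name under a different number
        "moved": {n: (i, j) for i, n in old.items()
                  for j, m in new.items() if n == m and i != j},
    }

def check_ids(used_ids, old, new):
    """Classify each category ID a config uses: 'same', 'changed' or 'missing'."""
    result = {}
    for i in used_ids:
        if i not in new:
            result[i] = "missing"
        else:
            result[i] = "same" if old.get(i) == new[i] else "changed"
    return result
```

`check_ids([15, 16, 24], parse_listing(V4_3_18), parse_listing(V5_2_3))` shows which of those IDs keep their label between the two listings.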
CrisP
New Contributor III

Hello Alex,

If your FAZ runs on something prior to 5.4, do this from time to time (or when you see that Fortiguard has updated app signatures):

FAZ-3000E_BIS_1 # exec shell
sh-4.3# su - postgres
[FAZ-3000E_BIS_1/]$
[FAZ-3000E_BIS_1/]$
[FAZ-3000E_BIS_1/]$
[FAZ-3000E_BIS_1/]$ psql
psql (9.3.4)
Type "help" for help.

postgres=#
postgres=# help
You are using psql, the command-line interface to PostgreSQL.
Type:  \copyright for distribution terms
       \h for help with SQL commands
       \? for help with psql commands
       \g or terminate with semicolon to execute query
       \q to quit
postgres=# ?
postgres-# \d
                                List of relations
 Schema |                       Name                        |   Type   |  Owner
--------+---------------------------------------------------+----------+----------
 public | FAZADOM3-ALLELSE-elog-0-0                         | table    | postgres
 public | FGTADOM413-ALLELSE-elog-1465234740-0              | table    | postgres
 public | FGTADOM468-tlog-1462684830                        | table    | postgres
 public | FMGADOM116-elog-1465221240                        | table    | postgres
 .............
 public | alert_logs                                        | table    | postgres
 public | alert_logs_seq_num_seq                            | sequence | postgres
 public | alerts                                            | table    | postgres
 public | app_mdata                                         | table    | postgres
 public | ips_mdata                                         | table    | postgres
 public | log_tablst                                        | table    | postgres
 public | maltarg                                           | table    | postgres
 public | table_ref                                         | table    | postgres
 public | table_ref_tbl_id_seq                              | sequence | postgres
 public | vacuum_tablst                                     | table    | postgres
(16215 rows)

postgres-#
postgres-#
postgres-# select * from app_mdata;
  id   |                          name                           |     app_cat      | app_cat_id |    vendor    |           technology           |              behavior              |     d_behavior      | d_risk
-------+---------------------------------------------------------+------------------+------------+--------------+--------------------------------+------------------------------------+---------------------+--------
 17179 | Wikipedia                                               | Business         | 29         | Other        | Browser-Based                  |                                    |                     |      0
 20806 | Puff                                                    | Proxy            | 6          | Other        | Client-Server                  | Evasive                            | Evasive             |      2
 16554 | 126.Mail                                                | Email            | 21         | Netease      | Browser-Based                  |                                    |                     |      0
 29867 | Cienradios                                              | Video/Audio      | 5          | Other        | Browser-Based                  | Excessive-Bandwidth                | Excessive-Bandwidth |      1
 32975 | ELCOM_Data.Request                                      | Industrial       | 26         | Other        | Network-Protocol               |                                    |                     |      0
... etc.

Best regards

Cris

AlexFeren
New Contributor III

hostname (global) # get application name status | grep -B3 -A13 "cat-id: 15"

app-name: "3PC"
id: 16284
category: "Network.Service"
cat-id: 15
sub-category: "(null)"
sub-cat-id: 0
parameter:  
popularity: 2.high
risk: 2.high
weight: 1
shaping: 0
protocol: 0.Other
vendor: 0.Other
technology: 0.Network-Protocol
behavior:
language: N/A
require_ssl_di: No
--
:
--
app-name: "swIPe"
id: 16315
category: "Network.Service"
cat-id: 15
sub-category: "(null)"
sub-cat-id: 0
parameter:  
popularity: 2.high
risk: 2.high
weight: 1
shaping: 0
protocol: 0.Other
vendor: 0.Other
technology: 0.Network-Protocol
behavior:
language: N/A
require_ssl_di: No
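To get the whole ID-to-category table rather than one category at a time, the record format shown above can be parsed from a saved capture of the command output. An added example (not part of the original post); the sample is constructed from the two quoted records, trimmed, plus one made-up record, and the function names are illustrative.

```python
import re

# Constructed sample: the two records quoted above, trimmed to a few fields,
# with grep's "--" separators, plus one made-up record ("Example.App").
SAMPLE = """\
app-name: "3PC"
id: 16284
category: "Network.Service"
cat-id: 15
sub-cat-id: 0
--
:
--
app-name: "swIPe"
category: "Network.Service"
cat-id: 15
--
app-name: "Example.App"
category: "Proxy"
cat-id: 6
"""

FIELD = re.compile(r"^([\w-]+):\s*(.*)$")

def parse_records(text):
    """Split the CLI output into one dict per application record."""
    records, cur = [], {}
    for line in text.splitlines():
        m = FIELD.match(line.strip())
        if not m:  # blank line, grep "--" separator or a lone ":"
            continue
        key, value = m.group(1), m.group(2).strip().strip('"')
        if key == "app-name" and cur:  # every record starts with app-name
            records.append(cur)
            cur = {}
        cur[key] = value
    return records + ([cur] if cur else [])

def category_table(records):
    """Return {cat-id: (category, [app names])}, rejecting conflicting names."""
    table = {}
    for r in records:
        if not {"app-name", "category", "cat-id"}.issubset(r):
            continue  # record truncated by the grep context window
        name, apps = table.setdefault(int(r["cat-id"]), (r["category"], []))
        if name != r["category"]:
            raise ValueError(f"cat-id {r['cat-id']} has two names")
        apps.append(r["app-name"])
    return table
```

Keys are matched exactly, so `sub-cat-id` and `sub-category` never overwrite `cat-id` and `category`.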
