Using OpenAppID without Snort

Question

Cisco Security introduced open source application detection and control mechanism which called "OpenAppID". Which can be checked in the link

Lets say I have a sniffer application for myself; if I implement lua base binding as snort do, can I use OpenAppID as well for application classification. Or "OpenAppID" is just a extension to snort and can't be used by other application than snort.

This is probably better asked on forums related to OpenAppID. — RoraΖ, Mar 16 '15 at 11:26

score 2 · Answer 1 · answered Jan 02 '15 at 23:27

2

It is a preprocessor to Snort and can't be used in anything but Snort unless you, essentially rewrite Snort's decoder and preprocessor structure. But why would you do that when you can just use Snort?

answered Jan 02 '15 at 23:27

Joel Esler

21
2

Using OpenAppID without Snort

1 Answers1