Table of contents

Application types

The applications defined by Application Types are identified by the direction of traffic, the protocol being used, and the port number through which the traffic passes. Application Types are useful for grouping intrusion prevention rules.that have a common purpose. Rule groups simplify the process of selecting a set of intrusion prevention rules to assign to a computer. For example, consider the set of rules required to protect HTTP traffic to an Oracle Report Server. Simply select the rules in the Web Server Common and Web Server Oracle Report Server application types and then exclude unneeded rules, such as the rules that are specific to IIS servers.

View a list of application types

Open the list of application types where you can see the properties of existing application types, as well as configure, export, and duplicate them. You can export to XML or CSV files. You can import XML files. You can also create and delete application types.

  1. Click Policies > Intrusion Prevention Rules.
  2. Click Application Types.
  3. To apply a command to an application type, select the type and click the appropriate button.

Application types that have configurable properties have an icon with a gear. Configuration application type icon

See also Override rule and application type configurations.

General Information

The name and description of the Application Type. Minimum Agent/Appliance Version tells you what version of the agent is required to support this Application Type.

Connection

  • Direction: The direction of the initiating communication. That is, the direction of the first packet that establishes a connection between two computers. For example, if you wanted to define an Application Type for web browsers, you would select Outgoing because it is the web browser that sends the first packet to a server to establish a connection (even though you may only want to examine traffic traveling from the server to the browser). The Intrusion Prevention Rules associated with a particular Application Type can be written to examine individual packets traveling in either direction.
  • Protocol: The protocol to which this Application Type applies.
  • Port: The ports this Application Type monitors. These are not the ports over which traffic is exclusively allowed.

Configuration

The Configuration tab displays options that control the behavior of Intrusion Prevention Rules associated with this Application Type. For example, the Web Server Common Application Type has an option to Monitor responses from Web Server. If this option is deselected, Intrusion Prevention Rules associated with this Application Type do not inspect response traffic.

Options

Items in the Options tab control how Workload Security uses and applies the Application Type. For example, most Application Types have an option to exclude them from Recommendation Scans. This means that if the Exclude from Recommendations options is selected, a Recommendation Scan does not recommend this Application Type and its associated Intrusion Prevention Rules for a computer even if the application in question is detected.

Assigned To

The Assigned To tab lists the Intrusion Prevention Rules associated with this Application Type.