OpenAppID from Cisco improves application awareness by allowing Snort users to detect, monitor and manage application usage on their networks, enabling Snort to be used as an open-source, customizable application firewall or next-generation firewall.
OpenAppID detectors -- signature files used by OpenAppID to detect network traffic from certain applications -- can be used to identify rogue application use, detect malicious applications and implement various application policies, such as application blacklisting, limiting application usage, and enforcing conditional controls (e.g., allowing Gmail access only if two-factor authentication is used).
As of August 2014, there are more than 2,200 supported detectors for OpenAppID, enabling it to detect more than 1,500 applications. Administrators can create their own detections to meet specific business needs. Detection information can also be exported from Snort for use by security analytics or security information and event management systems.
OpenAppID was introduced in Snort version 2.9.7 in February 2014.