OpenAppID is an open, application-focused detection language and processing module for Snort that enables users to create, share and implement application detection. OpenAppID puts control in the hands of users, allowing them to control application usage in their network environements and eliminating the risk that comes with waiting for vendors (Sophos, for example) to issue updates.
OpenAppID harnesses the power of open source and the larger security community to provide application visibility and address the application attack vector by accelerating development of application detectors and controls. Application-layer context augments security events that tie to attack protection and allows for granular control over application access and usage. A library of over 1000 OpenAppID detectors is already available, at no charge, contributed by Sourcefire and Cisco. Any community member may contribute additional detectors, including end-user organizations that may have custom applications, often not commercially available.