Tips & Tricks: What is Applipedia?
Resolution
There are many aspects of the Palo Alto Networks WebGUI to learn about. One of these is the Applipedia. This Tips & Tricks article explains what it is and what it can be used for.
What is Applipedia?
Let's start with the basics. The Applipedia is the application database that Palo Alto Networks uses along with App-ID to identify applications traveling through your Palo Alto Networks firewall.
How can I access it?
Applipedia can be found in 2 separate locations:
- Inside the WebGUI:
Inside the Palo Alto WebGUI, go to the Objects tab > Applications section.
Inside, you will see this screen:
- On our website here:
https://applipedia.paloaltonetworks.com/
From the website it will look like this:
Search and Category Browser section
At the top of the screen is the application browser area, which lists the attributes you can use to filter the display. The number to the left of each entry represents the total number of applications with that attribute. Everything is listed alphabetically. When you click any entry below a title (Category, Subcategory, Technology, Risk or Characteristic), that entry becomes a filter and changes what is listed in the Applications section below.
Search and Category Browser section - WebGUI:
Search and Category Browser section - Web Page:
Note: If you want to reset any filters, please click the "Clear Filters" button at the top of this section to reset the view. (See arrows above)
Applications section
The Applications page lists various attributes of each application definition, including:
- Name
- Category
- Subcategory
- Risk
- Technology
- Standard Ports (column only displayed in the WebGUI)
One of the attributes listed is the application’s relative security risk (1 to 5). The risk value is based on criteria such as whether the application can share files, is prone to misuse, or tries to evade firewalls. Higher values indicate higher risk.
Both locations show about 99% the same information; the difference is that the "Standard Ports" column is not displayed on the Applipedia website. The functionality to search and drill down remains the same.
Note: Any custom applications created on the device or pushed down from Panorama will not show up in the online Applipedia.
Applications section - WebGUI:
Applications section - Web page:
What is this for?
The reason for Applipedia is to gather more information about the applications passing through your Palo Alto Networks firewall. The Applipedia can be a wonderful tool to help you be very specific about what applications you do and do not want to pass through your firewall.
What can I do with this?
The advantage of this tool is that you have the ability to research what applications use similar ports or similar behavior.
Everything in the Search and Category Browser section is clickable, so you can drill down to get more information.
Let's say you want to see all the applications that we have for the Subcategory 'Email'. You will notice that there are 74 different applications listed. If you click on '74 email,' then this shows up:
Notice how all the information changed? Now it lists '74 matching applications,' the Category area changed, and you now see the 74 applications listed below.
Let's use Hotmail as an example to look at next. Scroll down and click the 'hotmail' application. This window, WebGUI Hotmail detail, pops up:
Web Page Hotmail detail:
You will now notice the following information displayed:
- Name
- Description
- Additional Information
- Standard Ports
- Depends on Applications
- Implicitly Use Applications
The name and description are straightforward, giving you information on what this application is. If you want more information on this application, there are 3 external links for Wikipedia, Google and Yahoo!
The standard ports are listed next. This will show you the ports that this application uses. This can come in handy when you need to confirm what ports need to be opened up to allow this application to function properly.
Last are the Depends on Applications and Implicitly Use Applications areas.
These areas list the applications that this app specifically needs to have allowed in order to work properly.
To learn more about application dependency, please review the following Tips & Tricks article:
Tips & Tricks: What is Application Dependency?
You will also see the following sections:
- Characteristics
- Classification
- Options
The Characteristics section shows you the application's characteristics (yes or no):
- Evasive
- Excessive Bandwidth Usage
- Used by Malware
- Capable of File Transfer
- Has Known Vulnerabilities
- Prone to Misuse
- Widely Used
All of these sections are visible in both the Web page and the WebGUI, except for the Risk and Options section. As long as you are logged into the WebGUI with Admin rights, you have the ability to change the timeout options PER APPLICATION. This is perfect if you need to adjust the TCP timeout value for a specific application, but do not want to change it for ALL TCP applications. Just think of the Web version of Applipedia as a read-only version of the WebGUI Applipedia.
I hope that this helps you understand what Applipedia is and how it can be used in both the Web and WebGUI versions.
As always, please leave a question or comment below.
Stay secure,
Joe Delio