What is Applipedia

cancel
Showing results for 
Search instead for 
Did you mean: 
Community Team Member

 

Applipedia is the application database that Palo Alto Networks uses along with App-ID to identify applications traveling through your Palo Alto Networks firewall.

 

Let's take a step back and start with the basics...

 

Applipedia can be found in two separate locations:

 

  1. Inside the web interface
  2. On our website here: https://applipedia.paloaltonetworks.com/

 

Inside the Palo Alto Networks firewall web interface, go to the Objects tab > Applications section. 

Firewall web interface – Objects TabFirewall web interface – Objects Tab

 On the website, here is what it will look like:

 

View of Applipedia websiteView of Applipedia website

 

Search and Category Browser Section

At the top of the screen, you will see the top application browser area of the page that lists the attributes you can use to filter the display. The number to the left of each entry represents the total number of applications with that attribute. Everything is listed alphabetically. When you click on anything below the title (Category, Subcategory, Technology, Risk, or Characteristic), it will become a filter and change out what is listed in the Applications page below.

Search and Category Browser section – Web Interface

Search and Category Browser section – Web InterfaceSearch and Category Browser section – Web Interface

Search and Category Browser section – Web Page

Search and Category Browser section – Web PageSearch and Category Browser section – Web Page

 NOTE: If you want to reset any filters, please click the "Clear Filters" button at the top of this section to reset the view. 

 

Applications Section

The Applications page lists various attributes of each application definition, including:

  • Name
  • Category
  • Subcategory
  • Risk
  • Technology
  • Standard Ports (column only displayed in the Web Interface)

One of the attributes listed is the application’s relative security risk (1 to 5). The risk value is based on criteria such as whether the application can share files, is the application prone to misuse, or does the application try to evade firewalls. Higher values indicate higher risk.

Both locations are going to show you about 99% the same information, other than the "Standard Ports" column not being displayed on the Applipedia website. Functionality to search and drill down will remain the same.

 

NOTE: Any custom applications created on the device or pushed down from Panorama will not show up in the online Applipedia.

Applications section – Web Interface

Applications section – Web InterfaceApplications section – Web Interface

 Applications section – Web Page

Applications section – Web PageApplications section – Web Page

 

What is Applidedia for?

Applipedia is used to gather information about the applications passing through your Palo Alto Networks firewall. Applipedia can be a wonderful tool to help you be very specific about what applications you do and do not want to pass through your firewall.

 

What can I do with Applipedia?

The advantage of this tool is that you have the ability to research what applications use similar ports or similar behavior. Everything in the Search and Category Browser section is clickable, allowing you to be able to go through and drill down to get more info.

 

Let's say you want to see all the applications that we have for the subcategory "Email." You will notice that there are 85 different applications listed. If you click on "85 email," then you will likely see the following:

Web Interface view of email applicationsWeb Interface view of email applications

Did you notice how all the information changed? Now it says "85 matching applications." The Category area changed, and you now see the 85 applications listed below.

 

Let's use Hotmail as an example to look at next. Scroll down and click the "hotmail" application.

 

Web Interface Hotmail detail
Web Interface Hotmail detailWeb Interface Hotmail detail

 Web Page Hotmail detail

Web Page Hotmail detailWeb Page Hotmail detail

You will notice the following information displayed:

  • Name
  • Description
  • Additional Information
  • Standard Ports
  • Depends on Applications
  • Implicitly Use Applications

 

The name and description are straightforward, giving you information on what this application is. If you want more information on this application, you will see three external links for Wikipedia, Google, and Yahoo.

 

The standard ports are listed next. This will show you the ports that this application uses, and it can come in handy when you need to confirm what ports need to be opened up to allow this application to function properly.

 

Last is the "Depends on Applications" and "Implicitly Use Applications" area. This is the area that will list out the applications that this app specifically needs to have allowed in order to work properly.

 

To learn more about Application dependency, please review the following Tips & Tricks article:
Tips & Tricks: What is Application Dependency?

 

You will also see the following sections:

  • Characteristics
  • Classification
  • Options

The Characteristics section shows you the application's characteristics (yes or no):

  • Evasive
  • Excessive Bandwidth Usage
  • Used by Malware
  • Capable of File Transfer
  • Has Known Vulnerabilities
  • Prone to Misuse
  • Widely Used


All of these sections are visible on both the web page and the Web Interface except for the "Risk and Options" section. As long as you are logged in to the web interface with admin rights, you have the ability to change the timeout options PER APPLICATION. This is perfect if you need to adjust the TCP timeout value for a specific application but do not want to change it for ALL TCP applications. Just think of the web version of Applipedia as a Read Only version of the web interface of Applipedia.

 

Thanks for taking time to read this blog.

Don't forget to hit that Like (thumbs up) button and don't forget to subscribe to the LIVEcommunity Blog.

 

Stay Secure,
Kiwi out!

Register or Sign-in
Labels