Tips & Tricks: What is Applipedia?

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Community Team Member

kiwi_16-1634198233199.png

 

What is Applipedia?

 

Applipedia is the application database that Palo Alto Networks uses along with App-ID to identify applications traveling through your Palo Alto Networks firewall.

 

Applipedia can be found in two separate locations:

 

  1. Inside the web interface (more on that below)
  2. On our very own website at applipedia.paloaltonetworks.com 

 

Inside the Palo Alto Networks firewall web interface, go to the Objects tab (1) > Applications section (2)

 

Firewall web interface – Objects TabFirewall web interface – Objects Tab

 

 

On the website, here is what it will look like:

 

 

View of Applipedia websiteView of Applipedia website

 

Search and Category Browser Section

 

At the top of the screen, you will see the top application browser area of the page that lists the attributes you can use to filter the display. The number to the left of each entry represents the total number of applications with that attribute. Everything is alphabetically listed. When you click on anything below the title (Category, Subcategory, Technology, Risk, or Characteristic), it will become a filter and change out what is listed in the Applications page below.

 

 NOTE: If you want to reset any filters, please click the "Clear Filters" button at the top of this section to reset the view. 



Search and Category Browser section – Web Interface

 

Search and Category Browser section – Web InterfaceSearch and Category Browser section – Web Interface

 

 

Search and Category Browser section – Web Page

 

Search and Category Browser section – Web PageSearch and Category Browser section – Web Page

 

Applications Section

The Applications page lists various attributes of each application definition, including:

  • Name
  • Category
  • Subcategory
  • Risk
  • Technology
  • Standard Ports (column only displayed in the Web Interface)

 

One of the attributes listed is the application’s relative security risk (1 to 5). The risk value is based on criteria such as whether the application can share files, is the application prone to misuse, or does the application try to evade firewalls. Higher values indicate higher risk.

Both locations are going to show you about 99% the same information, other than the "Standard Ports" column not being displayed on the Applipedia website. Functionality to search and drill down will remain the same.

 

NOTE: Any custom applications created on the device or pushed down from Panorama will not show up in the online Applipedia.

Applications section – Web Interface

 

Applications section – Web InterfaceApplications section – Web Interface

 

Applications section – Web Page

Applications section – Web PageApplications section – Web Page

 

 

What can I do with Applipedia?

Applipedia is used to gather information about the applications passing through your Palo Alto Networks firewall. Applipedia can be a wonderful tool to help you be very specific about what applications you do and do not want to pass through your firewall.

 

The advantage of this tool is that you have the ability to research what applications use similar ports or similar behavior. Everything in the Search and Category Browser section is clickable, allowing you to be able to go through and drill down to get more info.

 

Let's say you want to see all the applications that we have for the subcategory "Email." You will notice that there are 89 different applications listed. If you click on "89 email," then you will likely see something like this:

 

Web Interface view of email applicationsWeb Interface view of email applications

 

 

Did you notice how all the information changed? Now it says "89 matching applications." The Category area changed, and you now see the 89 applications listed at the bottom part of the screen.

 

Let's use Hotmail as an example to look at next. Scroll down the list until you find the "hotmail" application.

 

Web Interface Hotmail detail

Web Interface Hotmail detailWeb Interface Hotmail detail

 

 

Web Page Hotmail detail

 

Web Page Hotmail detailWeb Page Hotmail detail

 

 

You will notice the following information displayed:

  • Name
  • Description
  • Additional Information
  • Standard Ports
  • Depends on Applications
  • Implicitly Use Applications

 

The name and description are straightforward, giving you information on what this application is. If you want more information on this application, you will see three external links for Wikipedia, Google, and Yahoo.

 

The standard ports are listed next. This will show you the ports that this application uses, and it can come in handy when you need to confirm what ports need to be opened up to allow this application to function properly.

 

Last is the "Depends on Applications" and "Implicitly Use Applications" area. This is the area that will list out the applications that this app specifically needs to have allowed in order to work properly.

 

To learn more about Application dependency, please review this article: What is Application Dependency?

 

You will also see the following sections:

  • Characteristics
  • Classification
  • Options

The Characteristics section shows you the application's characteristics (yes or no):

  • Evasive
  • Excessive Bandwidth Usage
  • Used by Malware
  • Capable of File Transfer
  • Has Known Vulnerabilities
  • Prone to Misuse
  • Widely Used


All of these sections are visible on both the web page and the Web Interface except for the "Risk and Options" section. As long as you are logged in to the web interface with admin rights, you have the ability to change the timeout options PER APPLICATION. This is perfect if you need to adjust the TCP timeout value for a specific application but do not want to change it for ALL TCP applications. Just think of the web version of Applipedia as a Read Only version of the web interface of Applipedia.

 

Thanks for taking time to read this blog.

Don't forget to hit that Like (thumbs up) button and don't forget to subscribe to the LIVEcommunity Blog.

 

Stay Secure,
Kiwi out!

 
1 Comment
  • 11113 Views
  • 1 comments
  • 2 Likes
Register or Sign-in
Labels
Top Liked Authors