Application definitions

To import a list of application definition rules, execute the following from the scrut_util interactive shell (SCRUTINIZER> prompt):

import applications <PATH/FILE> [reset]

Direct shell/script syntax

scrut_util --import applications --file <PATH/FILE> [--reset]

File requirements

The file to be imported must be a CSV file.

Using the file /home/plixer/scrutinizer/files/ipgroup_import.csv for application rule definitions is recommended.

Definition format

Each application-rule pairing should be in a single line, following the format:

'APPLICATION NAME',RULE

Additional notes

  • Rules can be defined as any of the following:

    • Subnets

    • Single IP address

    • IP address ranges

    • Wildcard masks

    • Child rules (must be defined first)

    • Port and protocol

  • For an application definition to be valid, it must include at least one port rule and one rule of any other type. The import file may include applications that do not meet this requirement, but they will not be considered a defined application by Plixer Scrutinizer.

  • Passing the reset option will delete all existing application definitions/rules before the import operation.

  • If the reset option is not used, imported rules will be added to the specified application if it already exists.

  • Each import operation supports up to 100,000 application rule definitions.

Definition examples

Rule types:

'Application subnet rule',10.0.0.0/8
'Application single IP rule',10.1.1.1
'Application IP range rule',10.0.0.1-10.0.0.42
'Application wildcard mask rule',10.0.0.1/0.255.255.0
'Parent application with a child rule', 'My Child Application Rule'
'Application port and protocol rule',0-65535/256
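
A pre-import check for the validity and size rules described above, as an added example that is not part of the Plixer documentation or tooling. The rule grammar is an assumption inferred from the definition examples on this page, and `classify`, `check_import` and `SAMPLE` are hypothetical names.

```python
import csv
import io
import ipaddress
import re

MAX_RULES = 100_000  # per-import limit stated on this page
PORT_RE = re.compile(r"^\d+(-\d+)?/\d+$")  # assumed from the 0-65535/256 example
SAMPLE = "'Web',10.0.0.0/8\n'Web',443-443/6\n'DNS',53-53/17\n"  # constructed input


def _is_ip(text):
    try:
        ipaddress.ip_address(text)
        return True
    except ValueError:
        return False


def classify(rule):
    """Return the rule type, inferred from the example lines on this page."""
    if PORT_RE.match(rule):
        return "port"
    if _is_ip(rule):
        return "ip"
    head, sep, tail = rule.partition("/")
    if sep and _is_ip(head) and (tail.isdigit() or _is_ip(tail)):
        return "subnet" if tail.isdigit() else "wildcard"
    lo, sep, hi = rule.partition("-")
    if sep and _is_ip(lo) and _is_ip(hi):
        return "range"
    return "child"  # assumption: anything else names a child application


def check_import(text):
    """Return (rule_count, apps that would not count as defined applications)."""
    kinds = {}
    count = 0
    reader = csv.reader(io.StringIO(text), quotechar="'", skipinitialspace=True)
    for row in reader:
        if not row:
            continue  # ignore blank lines
        if len(row) != 2:
            raise ValueError(f"line {reader.line_num}: expected 'APPLICATION NAME',RULE")
        kinds.setdefault(row[0], set()).add(classify(row[1].strip()))
        count += 1
    if count > MAX_RULES:
        raise ValueError(f"{count} rules exceeds the {MAX_RULES} per-import limit")
    undefined = sorted(a for a, k in kinds.items() if "port" not in k or k == {"port"})
    return count, undefined
```

Running this against the file before an import with the reset option is most useful, since that option deletes the existing definitions before the new ones are loaded.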