See the New and Modified App-IDs in a Content Release

For both downloaded and installed content updates, you can see a list of the new and modified App-IDs the update includes. Full application details are provided, and importantly, updates to applications with network-wide impact (for example, LDAP or IKE) are prominently flagged as a recommended for policy review. For modified App-IDs, application details also describe how coverage is either now expanded or more precise.
  1. Select
    Device
    Dynamic Updates
    and select
    Check Now
    to refresh the list of available content updates.
  2. For either a downloaded or currently installed content release, click
    Review Apps
    link in the
    Actions
    column to view details on newly-identified and modified applications in that release:
    content-update-review-apps.png
  3. Review the App-IDs this content release introduces or modifies since the last content version.
    New and modified App-IDs are listed separately. Full application details are provided for each, and App-IDs that Palo Alto Networks foresees as having network-wide impact are flagged as recommended for policy review.
    content-update-review-apps-dialog.png
    New App-ID details that you can use to assess possible impact to policy enforcement include:
    • Depends on
      —Lists the application signatures that this App-ID relies on to uniquely identify the application. If one of the application signatures listed in the
      Depends On
      field is disabled, the dependent App-ID is also disabled.
    • Previously Identified As
      —Lists the App-IDs that matched to the application before the new App-ID was installed to uniquely identify the application.
    • App-ID Enabled
      —All App-IDs display as enabled when a content release is downloaded, unless you choose to manually disable the App-ID signature before installing the content update.
    For modified App-IDs, details include information on:
    Expanded Coverage
    ,
    Remove False Positive
    , and application metadata changes. The Expanded Coverage and Remove False Positive fields both indicate how the application’s coverage has changed (it’s either more comprehensive or has been narrowed) and a clock icon indicates a metadata change, where certain application details are updated.
  4. Based on your findings, click
    Review Policies
    to see how the new and modified App-IDs impact security policy enforcement: See How New and Modified App-IDs Impact Your Security Policy.

Related Documentation