traffic-id.yaml

# TLS SNI patterns.
tls-sni-patterns:

  # Bing.
  - id: bing
    labels:
      - search
    patterns:
      - bing.com

  # Facebook.
  - id: facebook
    labels:
      - social-network
    patterns:
      - facebook.com
      - facebook.net
      - fbcdn.net
      - fbcdn.com
      - fbsbx.com

  # Facebook Messenger.
  - id: facebook-messenger
    labels:
      - im
    patterns:
      - edge-chat.facebook.com

  # Gmail POP
  - id: gmail
    labels:
      - mail
      - pop3
    patterns:
      - pop.gmail.com
    ports:
      - 993

  # Google.
  - id: google
    labels:
      - search
    patterns:
      - google.com
      - googleapis.com
      - googlevideo.com
      - googleusercontent.com
      - google.cz
      - gstatic.com

  # Google Video (youtube, etc.)
  - id: google-video
    labels:
      - video
    patterns:
      - googlevideo.com

  # IRCCloud
  - id: irccloud
    label: im
    patterns:
      - irccloud.com

  # Lastpass.
  - id: lastpass
    labels:
      - password-management
    patterns:
      - lastpass.com

  # Signal chat.
  - id: whisper
    labels:
      - im
    patterns:
      - whispersystems.org

  # Netflix
  - id: netflix
    labels:
      - video
    patterns:
      - netflix.com
      - nflxso.net
      - nflxext.com
      - nflxvideo.net

  # Skype
  - id: skype
    labels:
      - im
    patterns:
      - skype.com
      - skypeassets.com

  # Snapchat.
  - id: snapchat
    labels:
      - im
    patterns:
      - feelinsonice.appspot.com
      - feelinsonice-hrd.appspot.com
      - snapchat.com

  # Twitter
  - id: twitter
    labels:
      - social-network
    patterns:
      - twitter.com
      - twimg.com

  # Whatsapp
  - id: whatsapp
    labels:
      - im
      - file-transfer
    patterns:
      - whatsapp.com

  # Instagram
  - id: instagram
    labels:
      - social-network
    patterns:
      - instagram.com
      - cdninstagram.com

# Traffic identification where more than simple lists of a specific
# pattern are required.
rules:

  # Debian APT-GET
  - id: debian-apt
    msg: "Debian APT-GET"
    labels:
      - software-update
    proto: http
    http_host: debian.org
    http_user_agent: Debian APT

  # Ubuntu APT-GET
  - id: ubuntu-apt
    msg: "Ubuntu APT-GET"
    labels:
      - software-update
    proto: http
    http_host: ubuntu.com
    http_user_agent: Debian APT

# Map short ID names to full names (or description)
id-map:
  bing: Bing
  facebook: Facebook
  facebook-messenger: Facebook Messenger
  google: Google Search and Other Services
  irccloud: IRCCloud
  lastpass: Lastpass
  netflix: Netflix
  skype: Skype
  snapchat: Snapchat
  twitter: Twitter
  whatsapp: WhatsApp Messenger
  whisper: Signal messaging application
  xmarks: XMarks
  instagram: Instagram

# Map labels to a description.
labels:
  social-network: Social Network
  chat: Chat
  file-transfer: File Transfer
  im: Instant Messaging
  video: Video Stream Service