APP-DETECT -- Snort attempted to take unique patterns of traffic and match them to a known application pattern, to confirm whether traffic should be allowed or stopped. (For example, a Get request is usually an HTTP/web application exchange, perhaps Facebook Messenger or other instant messenger, etc.).
APP-DETECT iodine dns tunneling handshake server ACK
What To Look For
No public information
No known false positives
MITRE ATT&CK Framework
For reference, see the MITRE ATT&CK vulnerability types here:
CVE Additional Information