
/decoders/50_trend_decoder.xml

https://bitbucket.org/oscarschneider/ossec-rules
XML | 17 lines | 5 code | 5 blank | 7 comment | 0 complexity | beaf831f2f631e467f7a356fb5d16eff MD5 | raw file
<!-- Trend Micro OSCE (Office Scan) decoder.
  - Sample log lines:
  - 20090716<;>948<;>TROJ_Generic.DIT<;>25<;>3<;>0<;>C:\Documents and Settings\Administrator\Desktop\HyperSnap 6.02.01_EN\HprSnap6Man.chm<;>
  - 20090716<;>950<;>WORM_DOWNAD.A<;>1<;>3<;>0<;>C:\Documents and Settings\DCS_VM-ICRC-WFBS6\Local Settings\Temporary Internet Files\Content.IE5\9JK3DN67\sitb[1].jpg<;>
  - 20090716<;>951<;>WORM_DOWNAD.A<;>1<;>3<;>0<;>C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\9JK3DN67\sitb[1].jpg<;>
  - Field layout:
  - Date<;>Time<;>Virus name<;>Scan result<;>Scan type<;>Seen<;>Filename<;>
  - We are only extracting the scan result right now.
  -->
<!--
  trend-osce: matches Trend Micro OfficeScan (OSCE) virus log records and
  extracts the scan result.

  prematch: a line starting with "20" plus six digits (the YYYYMMDD date field)
            followed by the field separator <;> (written \<;> in the pattern).
  regex:    applied to the text after the prematch. Skips the numeric time
            field and the virus name (\S+, so no whitespace), then captures the
            digits of the fourth field; the closing separator is matched only
            as far as "<;".
  order:    the single capture is stored as "id".

  NOTE(review): nothing in the prematch is specific to OfficeScan. Any
  monitored log whose lines start with an 8-digit 20xx date and <;> would also
  satisfy it; confirm no other source uses that prefix.
  NOTE(review): virus name and file name are not decoded, so they are not
  available to rules as decoded fields and have to be read from the raw log
  line. A virus name containing whitespace would fail \S+ and leave the record
  without an id; verify against real OfficeScan output.
-->
<decoder name="trend-osce">
    <prematch>^20\d\d\d\d\d\d\<;></prematch>
    <regex offset="after_prematch">^\d+\<;>\S+\<;>(\d+)\<;</regex>
    <order>id</order>
</decoder>