/decoders/50_trend_decoder.xml
https://bitbucket.org/oscarschneider/ossec-rules · XML · 17 lines · 5 code · 5 blank · 7 comment · 0 complexity · beaf831f2f631e467f7a356fb5d16eff MD5 · raw file
<!-- Trend Micro OSCE (Office Scan) decoder.
  - 20090716<;>948<;>TROJ_Generic.DIT<;>25<;>3<;>0<;>C:\Documents and Settings\Administrator\Desktop\HyperSnap 6.02.01_EN\HprSnap6Man.chm<;>
  - 20090716<;>950<;>WORM_DOWNAD.A<;>1<;>3<;>0<;>C:\Documents and Settings\DCS_VM-ICRC-WFBS6\Local Settings\Temporary Internet Files\Content.IE5\9JK3DN67\sitb[1].jpg<;>
  - 20090716<;>951<;>WORM_DOWNAD.A<;>1<;>3<;>0<;>C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\9JK3DN67\sitb[1].jpg<;>
  - Date<;>Time<;>Virus name<;>Scan result<;>Scan type<;>Seen<;>Filename<;>
  - We are only extracting the scan result right now.
  -->
<decoder name="trend-osce">
  <prematch>^20\d\d\d\d\d\d\<;></prematch>
  <regex offset="after_prematch">^\d+\<;>\S+\<;>(\d+)\<;</regex>
  <order>id</order>
</decoder>
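The field layout in the decoder's comment, replayed offline as an added example (not part of the repository). It uses Python `re` as a stand-in for OSSEC's own regex engine and assumes the capture is meant to be the "Scan result" column, as the comment says; `decode`, `split_fields` and the third sample record are constructed for illustration. A literal greedy transcription of `\S+` behaves differently under Python, which the `GREEDY` pattern shows.

```python
import re

# Column names, in order, from the decoder's comment header.
COLUMNS = ["date", "time", "virus_name", "scan_result",
           "scan_type", "seen", "filename"]

# Python `re` stand-ins for the decoder's patterns ("\<" is simply "<" here).
PREMATCH = re.compile(r"^20\d\d\d\d\d\d<;>")
# Lazy \S+? stops at the first "<;>", so the capture is the fourth column.
REGEX = re.compile(r"^\d+<;>\S+?<;>(\d+)<;")
# Literal transcription: in Python, greedy \S+ runs across later "<;>" delimiters.
GREEDY = re.compile(r"^\d+<;>\S+<;>(\d+)<;")


def decode(line, regex=REGEX):
    """Return {"id": ...} if extracted, {} if no field, None if no prematch."""
    pre = PREMATCH.match(line)
    if pre is None:
        return None
    # offset="after_prematch": the regex starts where the prematch ended.
    m = regex.match(line[pre.end():])
    return {"id": m.group(1)} if m else {}  # <order>id</order>


def split_fields(line):
    """Split a complete record into the seven named columns, or None."""
    parts = line.split("<;>")
    # A complete record ends with the delimiter, leaving one empty tail item.
    if len(parts) != len(COLUMNS) + 1 or parts[-1] != "":
        return None
    return dict(zip(COLUMNS, parts[:-1]))


# The first two records are copied from the decoder's comment; the third is
# constructed to show a name containing whitespace, which \S+ cannot span.
SAMPLES = [
    r"20090716<;>948<;>TROJ_Generic.DIT<;>25<;>3<;>0<;>C:\Documents and Settings\Administrator\Desktop\HyperSnap 6.02.01_EN\HprSnap6Man.chm<;>",
    r"20090716<;>950<;>WORM_DOWNAD.A<;>1<;>3<;>0<;>C:\Documents and Settings\DCS_VM-ICRC-WFBS6\Local Settings\Temporary Internet Files\Content.IE5\9JK3DN67\sitb[1].jpg<;>",
    r"20090716<;>952<;>Sample Name<;>2<;>3<;>0<;>C:\Temp\example.bin<;>",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(decode(s), decode(s, GREEDY), split_fields(s)["virus_name"])
```

When porting the decoder's regex to another engine, compare the extracted `id` against the "Scan result" column of known records, as the greedy variant here returns the "Seen" column instead.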