<!-- Symantec AV decoder.
  - Source: http://www.ossec.net/wiki/index.php/Symantec_Antivirus
  - Examples:
  - 24090D00000A,4,3,7,ACMELABS-SRV2,SYSTEM,,,,,,,16777216,"Update to computer ACMELABS-LU2K3 of virus definition file 81011r succeeded.",0,,0,,,,,0,,,,,,,,,,,,,(IP)-192.168.49.66,ACMELABSav,ACMELABS,,8.1.825
  - 24090D00000F,4,3,7,ACMELABS-SRV2,SYSTEM,,,,,,,16777216,"Update to computer ACMELABS-APPS-BOX4 of virus definition file 81011r succeeded.",0,,0,,,,,0,,,,,,,,,,,,,(IP)-192.168.49.66,ACMELABSav,ACMELABS,,8.1.825
  - 240801012128,5,1,720997,RBLWAP,SYSTEM,Trojan.Zlob,C:\WINDOWS\system32\ld100.tmp,5,4,4,256,570441764,"",0,,0,,0,4254,0,0,0,0,0,0,20060830.022,58100,2,4,0,acme-AVSRV,{579642AA-5A5E-46E1-8613-2289349D1F27},,(IP)-192.168.100.237,acmeav,acme,,8.1.825

  The record is comma-separated. The prematch only checks that the line
  starts with a 12-character record id (the first CSV field in every example
  above) followed by a comma; the regex then runs on the text after that
  match and fills the three fields named in <order> positionally:
    group 1 (\d+)  -> id          (second CSV field, "4" / "5" in the examples)
    group 2 (\S+)  -> system_name (fifth CSV field, e.g. "ACMELABS-SRV2")
    group 3 (\.+)  -> extra_data  (free text from the sixth field onward)
  The two \d+ in between skip the third and fourth CSV fields.
-->
<decoder name="symantec-av">
  <!-- 12 word characters then "," : the Symantec record id -->
  <prematch>^\w\w\w\w\w\w\w\w\w\w\w\w,</prematch>
  <regex offset="after_prematch">^(\d+),\d+,\d+,(\S+),(\.+),</regex>
  <order>id, system_name, extra_data</order>
  <!-- First-time-seen tuple.
       NOTE(review): extra_data is free text (message body and trailing
       fields), so most new update/detection messages will form a new tuple;
       confirm this is the intended first-time-seen granularity. -->
  <fts>name, location, id, system_name, extra_data</fts>
</decoder>


<!-- Symantec Web Security.
  - Source: http://www.ossec.net/wiki/index.php/Symantec_Websecurity
  - Examples:
  - 20070717,30517,1=3,41=SWS-3.0.1.86/vendor-config,100=Version 3.0.6,3=7,2=29
  - 20070717,73556,1=5,100=Logoff due to timeout.,11=1.2.3.4,10=usera,3=1,2=2
  - 20070717,73559,1=5,11=2.3.4.5,10=userb,3=2,2=1

  Only the prematch lives in this file: an 8-digit date, a comma, a time of
  at least three digits, and a comma (the first two CSV fields in the
  examples). Field extraction is delegated to the SymantecWS_Decoder
  plugin, not to a <regex>/<order> pair here, so the field names available
  to rules are defined by that plugin's code.
-->
<decoder name="symantec-websecurity">
  <prematch>^\d\d\d\d\d\d\d\d,\d\d\d+,</prematch>
  <plugin_decoder>SymantecWS_Decoder</plugin_decoder>
</decoder>