For the most recent Live update to http_lua parser, I see that there are
now new keys available. Examples (full list can be seen in
-Config-General--Parsers Configuration--HTTP_lua): set.cookie,
websocket, x.amz.id.1, x.cache.hits, x.target, etc. Does a...

Is anyone else having issues finding expected meta from the HTTP_lua
parser? Particularly I'm concerned that the latest version of the parser
may not be parsing out these pieces of meta but there may be
others: http post no get, http suspicious 4 head...

I'm working on a packet parser that I could use some Community help
with. Essentially I'm trying to find a token and then register that token
as meta in an existing key. Additionally, if more than one token is
found in the session - register the other...

Question please: Towards the bottom of this post, under 'RSA NetWitness
Network', you mention 'The use of the "Administrator" account to login
over SMB' --> however, the SMB_lua parser does not have a meta key for
'username', so can you help me underst...

Suggest looking at implementing logic as follows:
1) identifying DNS responses larger than 64 K bytes - you could create an AppRule similar to
this: service=53 && payload.res=64000-u
2) identifying DNS query type is SIG record - this is currently parsed...

Careful if you simply Copy/Paste the AppRule logic to your
query/AppRule... there are extra spaces that should be omitted:
'werkzeug ' --> should be 'werkzeug'
'updog.png ' --> should be 'updog.png'
Corrected syntax: server begins 'werkzeug' && filena...