http://git-wip-us.apache.org/repos/asf/metron/blob/ffcb91ed/metron-platform/metron-parsers/src/test/resources/logData/FireEyeParserTest.txt
----------------------------------------------------------------------
diff --git 
a/metron-platform/metron-parsers/src/test/resources/logData/FireEyeParserTest.txt
 
b/metron-platform/metron-parsers/src/test/resources/logData/FireEyeParserTest.txt
deleted file mode 100644
index f3be97a..0000000
--- 
a/metron-platform/metron-parsers/src/test/resources/logData/FireEyeParserTest.txt
+++ /dev/null
@@ -1,8 +0,0 @@
-<164>Mar 19 05:24:39 10.220.15.15 fenotify-851983.alert: 
CEF:0|FireEye|CMS|7.2.1.244420|DM|domain-match|1|rt=Feb 09 2015 12:28:26 UTC 
dvc=10.201.78.57 cn3Label=cncPort cn3=53 cn2Label=sid cn2=80494706 
shost=dev001srv02.example.com proto=udp cs5Label=cncHost cs5=mfdclk001.org 
dvchost=DEVFEYE1 spt=54527 dvc=10.100.25.16 smac=00:00:0c:07:ac:00 
cn1Label=vlan cn1=0 externalId=851983 cs4Label=link 
cs4=https://DEVCMS01.example.com/event_stream/events_for_bot?ev_id\\=851983 
dmac=00:1d:a2:af:32:a1 cs1Label=sname cs1=Trojan.Generic.DNS
-<164>Mar 19 05:24:39 10.220.15.15 fenotify-851987.alert: 
CEF:0|FireEye|CMS|7.2.1.244420|DM|domain-match|1|rt=Feb 09 2015 12:33:41 UTC 
dvc=10.201.78.113 cn3Label=cncPort cn3=53 cn2Label=sid cn2=80494706 
shost=dev001srv02.example.com proto=udp cs5Label=cncHost cs5=mfdclk001.org 
dvchost=DEVFEYE1 spt=51218 dvc=10.100.25.16 smac=00:00:0c:07:ac:00 
cn1Label=vlan cn1=0 externalId=851987 cs4Label=link 
cs4=https://DEVCMS01.example.com/event_stream/events_for_bot?ev_id\\=851987 
dmac=00:1d:a2:af:32:a1 cs1Label=sname cs1=Trojan.Generic.DNS
-<164>Mar 19 05:24:39 10.220.15.15 fenotify-3483808.2.alert: 1::~~User-Agent: 
WinHttpClient::~~Host: www.microads.me::~~Connection: Keep-Alive::~~::~~GET 
/files/microads/update/InjectScript.js HTTP/1.1::~~User-Agent: 
WinHttpClient::~~Host: www.microads.me::~~Connection: Keep-Alive::~~::~~GET 
/files/microads/update/InjectScript.js HTTP/1.1::~~User-Agent: 
WinHttpClient::~~Host: www.microads.me::~~Connection: Keep-Alive::~~::~~GET 
/files/microads/update/InjectScript.js HTTP/1.1::~~User-Agent: 
WinHttpClient::~~Host: www.microads.me::~~Connection: Keep-Alive::~~::~~GET 
/files/microads/update/InjectScript.js HTTP/1.1::~~User-Agent: 
WinHttpClient::~~Host: www.microads.me::~~Connection: Keep-Alive::~~::~~GET 
/files/microads/update/InjectScript.js HTTP/1.1::~~User-Agent: 
WinHttpClient::~~Host: www.microads.me::~~Connection: Keep-Alive::~~::~~GET 
/files/microads/update/InjectScript.js HTTP/1.1::~~User-Agent: 
WinHttpClient::~~Host: www.microads.me::~~Connection: Keep-Alive::~~::~~GET 
/files/mic
 roads/update/InjectScript.js HTTP
-<164>Mar 19 05:24:39 10.220.15.15 fenotify-793972.2.alert: Control: 
no-cache::~~::~~ dmac=00:1d:a2:af:32:a1 cs1Label=sname cs1=Exploit.Kit.Magnitude
-<161>Apr  1 05:24:39 10.220.15.15 fenotify-864461.alert: 
CEF:0|FireEye|CMS|7.5.1.318703|DM|domain-match|1|rt=Mar 19 2015 12:23:47 UTC 
src=10.191.193.20 cn3Label=cncPort cn3=53 cn2Label=sid cn2=80494706 
shost=abc123.example.com proto=udp spt=60903 cs5Label=cncHost cs5=mfdclk001.org 
dvchost=ABC123 dvc=10.190.1.16 smac=00:00:0c:07:ac:c8 cn1Label=vlan cn1=0 
externalId=864461 cs4Label=link 
cs4=https:\/\/ABC123.example.com\/event_stream\/events_for_bot?ev_id\\=864461 
act=notified dmac=88:43:e1:95:13:29 cs1Label=sname cs1=Trojan.Generic.DNS
-fireeye[-]: <161>Mar 19 05:24:39 10.220.15.15 fenotify-864461.alert: 
CEF:0|FireEye|CMS|7.5.1.318703|DM|domain-match|1|rt=Mar 19 2015 12:23:47 UTC 
src=10.191.193.20 cn3Label=cncPort cn3=53 cn2Label=sid cn2=80494706 
shost=abc123.example.com proto=udp spt=60903 cs5Label=cncHost cs5=mfdclk001.org 
dvchost=ABC123 dvc=10.190.1.16 smac=00:00:0c:07:ac:c8 cn1Label=vlan cn1=0 
externalId=864461 cs4Label=link 
cs4=https:\/\/ABC123.example.com\/event_stream\/events_for_bot?ev_id\\=864461 
act=notified dmac=88:43:e1:95:13:29 cs1Label=sname cs1=Trojan.Generic.DNS
-fireeye[-]: <161>Apr  1 02:49:49 10.220.15.15 fenotify-900702.alert: 
CEF:0|FireEye|CMS|7.5.1.318703|DM|domain-match|1|rt=Apr 01 2015 09:49:14 UTC 
src=10.1.97.20 cn3Label=cncPort cn3=53 cn2Label=sid cn2=80494706 
shost=abcd0060xzy03.example.com proto=udp spt=63100 cs5Label=cncHost 
cs5=mfdclk001.org dvchost=DEV1FEYE1 dvc=10.220.15.16 smac=00:00:0c:07:ac:00 
cn1Label=vlan cn1=0 externalId=900702 cs4Label=link 
cs4=https://ABCD0040CMS01.example.com/event_stream/events_for_bot?ev_id\=900702 
act=notified dmac=00:1d:a2:af:32:a1 cs1Label=sname cs1=Trojan.Generic.DNS
-<161>Apr 11 05:24:39 10.220.15.15 fenotify-864461.alert: 
CEF:0|FireEye|CMS|7.5.1.318703|DM|domain-match|1|rt=Mar 19 2015 12:23:47 UTC 
src=10.191.193.20 cn3Label=cncPort cn3=53 cn2Label=sid cn2=80494706 
shost=abc123.example.com proto=udp spt=60903 cs5Label=cncHost cs5=mfdclk001.org 
dvchost=ABC123 dvc=10.190.1.16 smac=00:00:0c:07:ac:c8 cn1Label=vlan cn1=0 
externalId=864461 cs4Label=link 
cs4=https:\/\/ABC123.example.com\/event_stream\/events_for_bot?ev_id\\=864461 
act=notified dmac=88:43:e1:95:13:29 cs1Label=sname cs1=Trojan.Generic.DNS
\ No newline at end of file
