Extractor for 1600-0065
ThoZed committed Jun 19, 2018
1 parent 5fcd7f2 commit 32276aa
Showing 2 changed files with 15 additions and 1 deletion.
1 change: 1 addition & 0 deletions LookupTables/fireware_msg_id_lookup_table.csv
Expand Up @@ -574,3 +574,4 @@
"7001-0009","INFO","Mobile Security / Endpoint Manager","Mobile device user session recreated","User session is recreated because the mobile device IP address changed."
"7002-0000","INFO","Mobile Security / Endpoint Manager","Mobile device Authorization Agreement sign action","The Device Authorization Agreement is either accepted or declined by a user at the specified local time."
"1600-0065","INFO","Networking / DHCP Server","DHCP Message","DHCP related Messages generated by builtin DHCP-Server"
"1600-0066","INFO","Networking / DHCP Server","DHCP Message","DHCP related Messages generated by builtin DHCP-Server"
15 changes: 14 additions & 1 deletion content_pack_input.json
Expand Up @@ -138,7 +138,7 @@
"converters": [],
"condition_type": "NONE",
"condition_value": "",
"order": 13
"order": 14
}, {
"title": "Firewall PacketFilter INFO 3000-0148",
"type": "GROK",
Expand Down Expand Up @@ -204,6 +204,19 @@
"condition_type": "REGEX",
"condition_value": "^.*msg_id=\"1600-0065\".*",
"order": 12
}, {
"title": "Networking DHCP INFO 1600-0066",
"type": "GROK",
"cursor_strategy": "COPY",
"target_field": "",
"source_field": "message",
"configuration": {
"grok_pattern": "^.*\\) %{NOTSPACE:service}\\[%{NOTSPACE:process}\\]: msg_id=\"1600-0066\" %{DHCPMESSAGE:dhcp_message} (from|(for %{IPV4:dhcp_clientip}|for %{IPV4:dhcp_clientip} \\(%{IPV4:dhcp_serverip}\\)) from) %{MAC:dhcp_clientmac} (via|\\(%{NOTSPACE:dhcp_clientname}\\) via) vlan%{NUMBER:dhcp_clientvlan}"
},
"converters": [],
"condition_type": "REGEX",
"condition_value": "^.*msg_id=\"1600-0066\".*",
"order": 13
}
]
}],
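Review bot: The new 1600-0066 grok pattern captures the DHCP client name with `%{NOTSPACE:dhcp_clientname}`, and that value is presumably the hostname the client itself sends, so a name containing a space makes the whole pattern miss and the event is stored without `dhcp_clientmac`, `dhcp_clientip` or `dhcp_clientvlan` for searches and alerts to key on. Capturing up to the closing parenthesis instead, `\\(%{DATA:dhcp_clientname}\\) via`, keeps the extractor matching, and anything that consumes `dhcp_clientname` should treat it as untrusted text. The `for …` alternation also names `dhcp_clientip` twice, and how a repeated capture name is resolved depends on the grok implementation; `((for %{IPV4:dhcp_clientip}( \\(%{IPV4:dhcp_serverip}\\))? )?from)` covers the same three forms with each field named once. `DHCPMESSAGE` does not look like a stock grok pattern and its definition is not visible in this section, so confirm the content pack ships it.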