From fbf46dd135825a91b0210b7c38709fe5349fe87d Mon Sep 17 00:00:00 2001
From: Tom Sellers <Tom_Sellers@rapid7.com>
Date: Fri, 7 May 2021 16:56:16 -0500
Subject: [PATCH] x.509 related updates (#357)

* x.509 related updates

* add VMware/Win Media Player

* Add CPE for Amazon S3

* Update Netscaler

* akamai and google improvements
---
 cpe-remap.yaml                  |  13 ++++
 identifiers/hw_family.txt       |   2 +
 identifiers/hw_product.txt      |   2 +
 identifiers/os_product.txt      |   1 +
 identifiers/service_family.txt  |   4 ++
 identifiers/service_product.txt |   6 ++
 identifiers/vendor.txt          |   1 +
 xml/favicons.xml                |   2 +
 xml/html_title.xml              |   2 +
 xml/http_servers.xml            |  15 ++--
 xml/http_wwwauth.xml            |   3 +
 xml/snmp_sysdescr.xml           |   3 +
 xml/x509_issuers.xml            |  20 ++++++
 xml/x509_subjects.xml           | 117 +++++++++++++++++++++++++++++---
 14 files changed, 176 insertions(+), 15 deletions(-)

diff --git a/cpe-remap.yaml b/cpe-remap.yaml
index 422f5937..6ec8502b 100644
--- a/cpe-remap.yaml
+++ b/cpe-remap.yaml
@@ -3,6 +3,9 @@ mappings:
     vendor: alpinelinux
     products:
       linux: alpine_linux
+  amazon:
+    products:
+      s3: web_services_simple_storage_service
   apache:
     products:
       httpd: http_server
@@ -71,6 +74,9 @@ mappings:
       big-ip_ltm: big-ip_local_traffic_manager
   fedora_project:
     vendor: fedoraproject
+  google:
+    products:
+      google_web_services: web_server
   hp:
     products:
       ilo: integrated_lights_out
@@ -95,6 +101,9 @@ mappings:
       junos_os: junos
   kibana:
     vendor: elasticsearch
+  kubernetes:
+    products:
+      nginx_ingress_controller: ingress-nginx
   kodi:
     products:
       media_server: kodi
@@ -201,6 +210,10 @@ mappings:
       desktop: tightvnc
   tor_project:
     vendor: torproject
+  traefik_labs:
+    vendor: containous
+    products:
+      traefik_proxy: traefik
   twistedmatrix:
     products:
       twisted_web: twistedweb
diff --git a/identifiers/hw_family.txt b/identifiers/hw_family.txt
index 92517a68..4bad3e15 100644
--- a/identifiers/hw_family.txt
+++ b/identifiers/hw_family.txt
@@ -46,7 +46,9 @@ My Book
 NE
 NPort
 NetVanta
+Netscaler
 Network Audio
+Network Security Appliance
 Network Video Door Station
 Optra
 Orbi
diff --git a/identifiers/hw_product.txt b/identifiers/hw_product.txt
index a577a543..9a23caf7 100644
--- a/identifiers/hw_product.txt
+++ b/identifiers/hw_product.txt
@@ -210,9 +210,11 @@ NPort
 NetScreen
 NetVR
 Netbox
+Netscaler Gateway
 Network Camera
 Network Gateway
 Network Node
+Network Security Appliance
 Nexus 1000V
 Nexus Player
 OfficeConnect Switch
diff --git a/identifiers/os_product.txt b/identifiers/os_product.txt
index d14a2090..d4e76668 100644
--- a/identifiers/os_product.txt
+++ b/identifiers/os_product.txt
@@ -157,6 +157,7 @@ NetScaler Gateway
 NetScaler SDX Gateway
 NetVanta
 NetWare
+Netscaler Gateway Firmware
 Network Gateway
 Network Scanner
 Network Storage Router
diff --git a/identifiers/service_family.txt b/identifiers/service_family.txt
index eb84fe5a..d430dfc0 100644
--- a/identifiers/service_family.txt
+++ b/identifiers/service_family.txt
@@ -95,6 +95,7 @@ JetDirect
 Jetty
 Joom!Fish
 Knot
+Kubernetes
 ListManager
 Lotus Domino
 Lotus Expeditor
@@ -128,6 +129,7 @@ NetWare Enterprise Web Server
 NetWare HTTP Server
 NetWare HTTP Stack
 NetWeaver
+Netscaler
 Network Printer Manager
 Niagara
 OpenAdStream
@@ -188,6 +190,7 @@ TippingPoint
 Tivoli
 Tomcat
 Tornado
+Traefik
 Twisted
 Twisted Web
 UPnP
@@ -208,6 +211,7 @@ VoiP Gateway
 WS_FTP
 WeOnlyDo
 Web PN Server
+Web Services
 WebGUI
 WebLogic
 WebServer
diff --git a/identifiers/service_product.txt b/identifiers/service_product.txt
index 7def3287..dbe445d0 100644
--- a/identifiers/service_product.txt
+++ b/identifiers/service_product.txt
@@ -228,6 +228,7 @@ Kestrel web server
 Kibana
 Kiwi Syslog
 Knot DNS
+Kubernetes
 LDAP Agent for eDirectory
 LDAP Server
 LLBServer
@@ -280,6 +281,7 @@ Multicraft
 Munin
 MySQL
 MySQL Proxy
+NGINX Ingress Controller
 NNTP
 NQ
 NTMail
@@ -308,6 +310,7 @@ NetWeaver Application Server
 NetWeaver Application Server Java
 NetWeaver Internet Communication Manager
 NetWeaver Web AS
+Netscaler
 Network Monitor
 Network Printer Manager
 Nexpose
@@ -464,6 +467,7 @@ Tivoli Storage Manager
 Tomcat
 Tor
 Tornado
+Traefik Proxy
 Twisted FTPD
 Twisted Web
 Twonky Media Server
@@ -481,6 +485,7 @@ VShell
 Varnish
 Vault
 VcXsrv
+View
 Vignette
 Virtual Directory Server
 Virtual Environment
@@ -513,6 +518,7 @@ WinRoute
 WinSSHD
 WinWebMail
 Windows CE Web Server
+Windows Media Player
 Windows Media Server
 Wing FTP Server
 Work Server
diff --git a/identifiers/vendor.txt b/identifiers/vendor.txt
index 621a1e80..045ecd13 100644
--- a/identifiers/vendor.txt
+++ b/identifiers/vendor.txt
@@ -695,6 +695,7 @@ Tokutek
 Tor Project
 TornadoWeb
 Toshiba
+Traefik Labs
 Treck
 Tridium
 Troy
diff --git a/xml/favicons.xml b/xml/favicons.xml
index b12b1e58..71110dba 100644
--- a/xml/favicons.xml
+++ b/xml/favicons.xml
@@ -1065,7 +1065,9 @@
     <param pos="0" name="os.vendor" value="SonicWall"/>
     <param pos="0" name="os.device" value="Firewall"/>
     <param pos="0" name="os.family" value="SonicOS"/>
+    <param pos="0" name="os.product" value="SonicOS"/>
     <param pos="0" name="os.certainty" value="0.5"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:sonicwall:sonicos:-"/>
   </fingerprint>
 
   <fingerprint pattern="^e4fd990b4b8a5d61bd5ddb98cdfc7190$">
diff --git a/xml/html_title.xml b/xml/html_title.xml
index 2fa0b5fc..7e2bc09e 100644
--- a/xml/html_title.xml
+++ b/xml/html_title.xml
@@ -338,6 +338,8 @@
     <param pos="0" name="os.vendor" value="SonicWall"/>
     <param pos="0" name="os.device" value="Firewall"/>
     <param pos="0" name="os.family" value="SonicOS"/>
+    <param pos="0" name="os.product" value="SonicOS"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:sonicwall:sonicos:-"/>
   </fingerprint>
 
   <fingerprint pattern="^(.*).nbsp;-.nbsp;Synology.nbsp;DiskStation$">
diff --git a/xml/http_servers.xml b/xml/http_servers.xml
index e3823da0..dcba9e17 100644
--- a/xml/http_servers.xml
+++ b/xml/http_servers.xml
@@ -1870,7 +1870,7 @@
     <param pos="0" name="service.family" value="SSL-VPN"/>
     <param pos="0" name="os.vendor" value="SonicWall"/>
     <param pos="0" name="os.device" value="VPN"/>
-    <param pos="0" name="os.family" value="SSL-VPN"/>
+    <param pos="0" name="os.family" value="SonicOS"/>
     <param pos="0" name="os.product" value="SonicOS"/>
     <param pos="0" name="os.cpe23" value="cpe:/o:sonicwall:sonicos:-"/>
     <param pos="0" name="hw.vendor" value="SonicWall"/>
@@ -2958,21 +2958,26 @@
 
   <!-- Service provider equipment (CDNs, etc) -->
 
-  <fingerprint pattern="^AkamaiGHost$">
+  <fingerprint pattern="^(?:Akamai)?GHost$">
     <description>Akamai Global Host</description>
     <example>AkamaiGHost</example>
+    <example>GHost</example>
     <param pos="0" name="service.vendor" value="Akamai"/>
     <param pos="0" name="service.product" value="GHost"/>
     <param pos="0" name="os.vendor" value="Akamai"/>
+    <param pos="0" name="os.family" value="Linux"/>
     <param pos="0" name="os.device" value="Web Proxy"/>
   </fingerprint>
 
+  <!-- Banner used for many Google services such as search, Gmail, etc. -->
+
   <fingerprint pattern="^gws$">
     <description>Google Web Services</description>
     <example>gws</example>
     <param pos="0" name="service.vendor" value="Google"/>
-    <param pos="0" name="service.product" value="Google Web Services"/>
     <param pos="0" name="service.family" value="Google Web Server"/>
+    <param pos="0" name="service.product" value="Google Web Services"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:google:web_server:-"/>
   </fingerprint>
 
   <fingerprint pattern="^GFE/((?:\d+\.)*\d+)$">
@@ -2980,8 +2985,8 @@
     <example>GFE/1.3</example>
     <example>GFE/1</example>
     <param pos="0" name="service.vendor" value="Google"/>
-    <param pos="0" name="service.product" value="Google Front End"/>
     <param pos="0" name="service.family" value="Google Web Server"/>
+    <param pos="0" name="service.product" value="Google Front End"/>
     <param pos="1" name="service.version"/>
   </fingerprint>
 
@@ -3004,7 +3009,9 @@
     <description>Amazon S3 (Simple Cloud Storage Service)</description>
     <example>AmazonS3</example>
     <param pos="0" name="service.vendor" value="Amazon"/>
+    <param pos="0" name="service.family" value="Web Services"/>
     <param pos="0" name="service.product" value="S3"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:amazon:web_services_simple_storage_service:-"/>
   </fingerprint>
 
   <fingerprint pattern="^Amazon SimpleDB$">
diff --git a/xml/http_wwwauth.xml b/xml/http_wwwauth.xml
index 0330aac8..f4b64318 100644
--- a/xml/http_wwwauth.xml
+++ b/xml/http_wwwauth.xml
@@ -203,6 +203,9 @@
     <description>Kubernetes master nodes</description>
     <example>Basic realm="kubernetes-master"</example>
     <param pos="0" name="service.vendor" value="Kubernetes"/>
+    <param pos="0" name="service.family" value="Kubernetes"/>
+    <param pos="0" name="service.product" value="Kubernetes"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:kubernetes:kubernetes:-"/>
   </fingerprint>
 
   <fingerprint pattern="(?i)^(?:Basic|Digest) realm=&quot;RUIJIE(?:-CPE)?&quot;.*$">
diff --git a/xml/snmp_sysdescr.xml b/xml/snmp_sysdescr.xml
index 1291af1a..baccc2dc 100644
--- a/xml/snmp_sysdescr.xml
+++ b/xml/snmp_sysdescr.xml
@@ -6167,6 +6167,7 @@ Copyright (c) 1995-2005 by Cisco Systems
     <param pos="0" name="os.vendor" value="SonicWall"/>
     <param pos="0" name="os.device" value="Firewall"/>
     <param pos="0" name="os.product" value="SonicOS"/>
+    <param pos="0" name="hw.vendor" value="SonicWall"/>
     <param pos="1" name="hw.product"/>
     <param pos="2" name="hw.model"/>
     <param pos="3" name="os.version"/>
@@ -6180,6 +6181,7 @@ Copyright (c) 1995-2005 by Cisco Systems
     <param pos="0" name="os.vendor" value="SonicWall"/>
     <param pos="0" name="os.device" value="Firewall"/>
     <param pos="0" name="os.product" value="SonicOS"/>
+    <param pos="0" name="hw.vendor" value="SonicWall"/>
     <param pos="1" name="hw.product"/>
     <param pos="2" name="os.version"/>
     <param pos="0" name="os.cpe23" value="cpe:/o:sonicwall:sonicos:{os.version}"/>
@@ -6199,6 +6201,7 @@ Copyright (c) 1995-2005 by Cisco Systems
     <param pos="0" name="os.device" value="Firewall"/>
     <param pos="0" name="os.product" value="SonicOS"/>
     <param pos="0" name="os.cpe23" value="cpe:/o:sonicwall:sonicos:-"/>
+    <param pos="0" name="hw.vendor" value="SonicWall"/>
     <param pos="1" name="hw.family"/>
     <param pos="2" name="hw.product"/>
   </fingerprint>
diff --git a/xml/x509_issuers.xml b/xml/x509_issuers.xml
index ffbb19f6..e5f9ae67 100644
--- a/xml/x509_issuers.xml
+++ b/xml/x509_issuers.xml
@@ -174,4 +174,24 @@
     <param pos="0" name="hw.device" value="NAS"/>
   </fingerprint>
 
+  <fingerprint pattern="^CN=default(?: [A-Z]+)?,OU=NS Internal,O=Citrix ANG,L=San Jose,ST=California,C=US$">
+    <description>Citrix Netscaler (later renamed to Citrix ADC)</description>
+    <example>CN=default,OU=NS Internal,O=Citrix ANG,L=San Jose,ST=California,C=US</example>
+    <example>CN=default UYENMB,OU=NS Internal,O=Citrix ANG,L=San Jose,ST=California,C=US</example>
+    <param pos="0" name="service.vendor" value="Citrix"/>
+    <param pos="0" name="service.family" value="Netscaler"/>
+    <param pos="0" name="service.product" value="Netscaler"/>
+    <param pos="0" name="service.device" value="Network Management Device"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:citrix:netscaler:-"/>
+    <param pos="0" name="os.vendor" value="Citrix"/>
+    <param pos="0" name="os.family" value="Netscaler"/>
+    <param pos="0" name="os.product" value="Netscaler Gateway Firmware"/>
+    <param pos="0" name="os.device" value="Network Management Device"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:citrix:netscaler_gateway_firmware:-"/>
+    <param pos="0" name="hw.vendor" value="Citrix"/>
+    <param pos="0" name="hw.family" value="Netscaler"/>
+    <param pos="0" name="hw.product" value="Netscaler Gateway"/>
+    <param pos="0" name="hw.device" value="Network Management Device"/>
+  </fingerprint>
+
 </fingerprints>
\ No newline at end of file
diff --git a/xml/x509_subjects.xml b/xml/x509_subjects.xml
index c4b6a763..4c822dee 100644
--- a/xml/x509_subjects.xml
+++ b/xml/x509_subjects.xml
@@ -477,6 +477,7 @@
   <fingerprint pattern="^CN=([a-zA-Z0-9\.\-\_]+),OU=VMware ESX Server Default Certificate,O=VMware\\, Inc,L=Palo Alto,ST=California,C=US$">
     <description>VMware ESX</description>
     <example>CN=server99.,OU=VMware ESX Server Default Certificate,O=VMware\, Inc,L=Palo Alto,ST=California,C=US</example>
+    <param pos="0" name="service.vendor" value="VMware"/>
     <param pos="0" name="os.vendor" value="VMware"/>
     <param pos="0" name="os.product" value="ESX"/>
     <param pos="0" name="os.device" value="Hypervisor"/>
@@ -497,6 +498,24 @@
     <param pos="0" name="service.product" value="Site Recovery Manager"/>
   </fingerprint>
 
+  <fingerprint pattern="^CN=([^,=]{1,256}),OU=VMware Horizon View default certificate,O=VMware\\, Inc.$">
+    <description>VMware Horizon (formerly View)</description>
+    <example host.name="horizon.foo.bar">CN=horizon.foo.bar,OU=VMware Horizon View default certificate,O=VMware\, Inc.</example>
+    <param pos="0" name="service.vendor" value="VMware"/>
+    <param pos="0" name="service.product" value="Horizon"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:vmware:horizon:-"/>
+    <param pos="1" name="host.name"/>
+  </fingerprint>
+
+  <fingerprint pattern="^CN=([^,=]{1,256}),OU=VMware View default certificate,O=VMware\\, Inc.$">
+    <description>VMware View</description>
+    <example host.name="horizon.foo.bar">CN=horizon.foo.bar,OU=VMware View default certificate,O=VMware\, Inc.</example>
+    <param pos="0" name="service.vendor" value="VMware"/>
+    <param pos="0" name="service.product" value="View"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:vmware:view:-"/>
+    <param pos="1" name="host.name"/>
+  </fingerprint>
+
   <fingerprint pattern="^CN=IOS-Self-Signed-Certificate-">
     <description>Cisco IOS Default Certificate</description>
     <example>CN=IOS-Self-Signed-Certificate-4163115936</example>
@@ -508,6 +527,62 @@
     <param pos="0" name="hw.device" value="Router"/>
   </fingerprint>
 
+  <fingerprint pattern="^CN=kube-apiserver$">
+    <description>Kubernetes api-server default certificate</description>
+    <example>CN=kube-apiserver</example>
+    <param pos="0" name="service.vendor" value="Kubernetes"/>
+    <param pos="0" name="service.family" value="Kubernetes"/>
+    <param pos="0" name="service.product" value="Kubernetes"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:kubernetes:kubernetes:-"/>
+  </fingerprint>
+
+  <fingerprint pattern="^CN=kubernetes-master$">
+    <description>Kubernetes Control Plane (formerly master) default certificate</description>
+    <example>CN=kubernetes-master</example>
+    <param pos="0" name="service.vendor" value="Kubernetes"/>
+    <param pos="0" name="service.family" value="Kubernetes"/>
+    <param pos="0" name="service.product" value="Kubernetes"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:kubernetes:kubernetes:-"/>
+  </fingerprint>
+
+  <fingerprint pattern="^CN=Kubernetes Ingress Controller Fake Certificate,O=Acme Co$">
+    <description>Kubernetes NGINX Ingress Controller with default cert</description>
+    <example>CN=Kubernetes Ingress Controller Fake Certificate,O=Acme Co</example>
+    <param pos="0" name="service.vendor" value="Kubernetes"/>
+    <param pos="0" name="service.family" value="Kubernetes"/>
+    <param pos="0" name="service.product" value="NGINX Ingress Controller"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:kubernetes:nginx_ingress_controller:-"/>
+  </fingerprint>
+
+  <fingerprint pattern="^CN=TRAEFIK DEFAULT CERT$">
+    <description>Traefik Proxy default certificate</description>
+    <example>CN=TRAEFIK DEFAULT CERT</example>
+    <param pos="0" name="service.vendor" value="Traefik Labs"/>
+    <param pos="0" name="service.family" value="Traefik"/>
+    <param pos="0" name="service.product" value="Traefik Proxy"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:containous:traefik:-"/>
+  </fingerprint>
+
+  <fingerprint pattern="^CN=default(?: [A-Z]+)?,OU=NS Internal,O=Citrix ANG,L=San Jose,ST=California,C=US$">
+    <description>Citrix Netscaler (later renamed to Citrix ADC)</description>
+    <example>CN=default,OU=NS Internal,O=Citrix ANG,L=San Jose,ST=California,C=US</example>
+    <example>CN=default UYENMB,OU=NS Internal,O=Citrix ANG,L=San Jose,ST=California,C=US</example>
+    <param pos="0" name="service.vendor" value="Citrix"/>
+    <param pos="0" name="service.family" value="Netscaler"/>
+    <param pos="0" name="service.product" value="Netscaler"/>
+    <param pos="0" name="service.device" value="Network Management Device"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:citrix:netscaler:-"/>
+    <param pos="0" name="os.vendor" value="Citrix"/>
+    <param pos="0" name="os.family" value="Netscaler"/>
+    <param pos="0" name="os.product" value="Netscaler Gateway Firmware"/>
+    <param pos="0" name="os.device" value="Network Management Device"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:citrix:netscaler_gateway_firmware:-"/>
+    <param pos="0" name="hw.vendor" value="Citrix"/>
+    <param pos="0" name="hw.family" value="Netscaler"/>
+    <param pos="0" name="hw.product" value="Netscaler Gateway"/>
+    <param pos="0" name="hw.device" value="Network Management Device"/>
+  </fingerprint>
+
   <fingerprint pattern="^CN=([a-zA-Z0-9]{5,12}) ([a-zA-Z0-9]{12}),OU=(?:Cast|Google TV),O=Google Inc,L=Mountain View,ST=California,C=US$">
     <description>Google Chromecast</description>
     <example chromecast.serial_number="LVDZG5" host.mac_local="FA8FCA67413D">CN=LVDZG5 FA8FCA67413D,OU=Cast,O=Google Inc,L=Mountain View,ST=California,C=US</example>
@@ -1064,13 +1139,30 @@
   </fingerprint>
 
   <fingerprint pattern="^CN=[0-9\.]+,OU=SSL-VPN,O=SonicWALL\\, Inc\.,L=Sunnyvale,ST=CA,C=US$">
-    <description>SonicWALL Firewall</description>
+    <description>SonicWALL SSL-VPN</description>
     <example>CN=192.168.200.1,OU=SSL-VPN,O=SonicWALL\, Inc.,L=Sunnyvale,ST=CA,C=US</example>
+    <param pos="0" name="service.vendor" value="SonicWall"/>
+    <param pos="0" name="service.family" value="SSL-VPN"/>
     <param pos="0" name="hw.vendor" value="SonicWall"/>
     <param pos="0" name="hw.device" value="VPN"/>
     <param pos="0" name="os.vendor" value="SonicWall"/>
-    <param pos="0" name="os.product" value="VPN"/>
-    <param pos="0" name="os.family" value="VPN"/>
+    <param pos="0" name="os.family" value="SonicOS"/>
+    <param pos="0" name="os.product" value="SonicOS"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:sonicwall:sonicos:-"/>
+  </fingerprint>
+
+  <fingerprint pattern="^CN=[0-9\.]+,OU=HTTPS Management Certificate for SonicWALL \(self-signed\),O=HTTPS Management Certificate for SonicWALL \(self-signed\),L=Sunnyvale,ST=California,C=US$">
+    <description>SonicWALL Network Security Appliance firewall</description>
+    <example>CN=192.168.168.168,OU=HTTPS Management Certificate for SonicWALL (self-signed),O=HTTPS Management Certificate for SonicWALL (self-signed),L=Sunnyvale,ST=California,C=US</example>
+    <param pos="0" name="hw.vendor" value="SonicWall"/>
+    <param pos="0" name="hw.product" value="Network Security Appliance"/>
+    <param pos="0" name="hw.family" value="Network Security Appliance"/>
+    <param pos="0" name="hw.device" value="Firewall"/>
+    <param pos="0" name="os.vendor" value="SonicWall"/>
+    <param pos="0" name="os.family" value="SonicOS"/>
+    <param pos="0" name="os.product" value="SonicOS"/>
+    <param pos="0" name="os.device" value="Firewall"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:sonicwall:sonicos:-"/>
   </fingerprint>
 
   <fingerprint pattern="^CN=.*\.akamai\.net,O=Akamai Technologies\\, Inc\.,L=Cambridge,ST=Massachusetts,C=US$">
@@ -1242,14 +1334,6 @@
     <param pos="0" name="service.device" value="Firewall"/>
   </fingerprint>
 
-  <fingerprint pattern="^CN=VMware default certificate,OU=vCenterServer.*,O=VMware\\, Inc\.$">
-    <description>VMware vCenter</description>
-    <example>CN=VMware default certificate,OU=vCenterServer_2013.09.26_220623,O=VMware\, Inc.</example>
-    <param pos="0" name="service.vendor" value="VMware"/>
-    <param pos="0" name="service.product" value="vCenter"/>
-    <param pos="0" name="service.cpe23" value="cpe:/a:vmware:vcenter_server:-"/>
-  </fingerprint>
-
   <fingerprint pattern="^CN=selfappliance,OU=Engineering,O=Symplified,L=Boulder,ST=Colorado,C=US$">
     <description>Symplified IAM Appliance (now RSA)</description>
     <example>CN=selfappliance,OU=Engineering,O=Symplified,L=Boulder,ST=Colorado,C=US</example>
@@ -1511,4 +1595,15 @@
     <param pos="0" name="hw.product" value="SD-WAN"/>
   </fingerprint>
 
+  <fingerprint pattern="^CN=Windows Media Player Network Sharing Service \(([A-Z-]{1,15})\)$">
+    <description>Windows Media Player Network Sharing Service</description>
+    <example host.name="LIVING-ROOM">CN=Windows Media Player Network Sharing Service (LIVING-ROOM)</example>
+    <param pos="0" name="service.vendor" value="Microsoft"/>
+    <param pos="0" name="service.product" value="Windows Media Player"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:microsoft:windows_media_player:-"/>
+    <param pos="0" name="os.vendor" value="Microsoft"/>
+    <param pos="0" name="os.family" value="Windows"/>
+    <param pos="1" name="host.name"/>
+  </fingerprint>
+
 </fingerprints>
\ No newline at end of file