passing correct value to disabled parameter

2021-12-15 17:02:31 +02:00 · 2021-12-15 17:02:31 +02:00 · 8e1b441333
--- a/Parsers/ASimNetworkSession/ProductParsers/imNetworkSession.yaml
+++ b/Parsers/ASimNetworkSession/ProductParsers/imNetworkSession.yaml
@ -1,7 +1,7 @@
 Parser:
  Title: Source Agnostic Network Session parser
-  Version: '0.2'
-  LastUpdated: Sep 12, 2021
+  Version: '0.3'
+  LastUpdated: Dec 15, 2021
 Product:
  Name: Source agnostic
 Normalization:
@ -54,9 +54,9 @@ ParserQuery: |
  {
  union isfuzzy=true
    vimNetworkSessionEmpty
-    , vimNetworkSessionLinuxSysmon                     (starttime, endtime, srcipaddr_has_any_prefix, dstipaddr_has_any_prefix, dstportnumber, url_has_any, httpuseragent_has_any, hostname_has_any, dvcaction, eventresult, disabled)
-    , vimNetworkSessionMicrosoft365Defender            (starttime, endtime, srcipaddr_has_any_prefix, dstipaddr_has_any_prefix, dstportnumber, url_has_any, httpuseragent_has_any, hostname_has_any, dvcaction, eventresult, disabled)
-    , vimNetworkSessionMD4IoT                          (starttime, endtime, srcipaddr_has_any_prefix, dstipaddr_has_any_prefix, dstportnumber, url_has_any, httpuseragent_has_any, hostname_has_any, dvcaction, eventresult, disabled)
-    , vimNetworkSessionMicrosoftWindowsEventFirewall   (starttime, endtime, srcipaddr_has_any_prefix, dstipaddr_has_any_prefix, dstportnumber, url_has_any, httpuseragent_has_any, hostname_has_any, dvcaction, eventresult, disabled)
+    , vimNetworkSessionLinuxSysmon                     (starttime, endtime, srcipaddr_has_any_prefix, dstipaddr_has_any_prefix, dstportnumber, url_has_any, httpuseragent_has_any, hostname_has_any, dvcaction, eventresult, ASimBuiltInDisabled or ('ASimNetworkSessionLinuxSysmon'      in (DisabledParsers) ))
+    , vimNetworkSessionMicrosoft365Defender            (starttime, endtime, srcipaddr_has_any_prefix, dstipaddr_has_any_prefix, dstportnumber, url_has_any, httpuseragent_has_any, hostname_has_any, dvcaction, eventresult, ASimBuiltInDisabled or ('ASimNetworkSessionMicrosoft365Defender'      in (DisabledParsers) ))
+    , vimNetworkSessionMD4IoT                          (starttime, endtime, srcipaddr_has_any_prefix, dstipaddr_has_any_prefix, dstportnumber, url_has_any, httpuseragent_has_any, hostname_has_any, dvcaction, eventresult, ASimBuiltInDisabled or ('ASimNetworkSessionMD4IoT'      in (DisabledParsers) ))
+    , vimNetworkSessionMicrosoftWindowsEventFirewall   (starttime, endtime, srcipaddr_has_any_prefix, dstipaddr_has_any_prefix, dstportnumber, url_has_any, httpuseragent_has_any, hostname_has_any, dvcaction, eventresult, ASimBuiltInDisabled or ('ASimNetworkSessionMicrosoftWindowsEventFirewall'      in (DisabledParsers) ))
  };
  NetworkSessionsGeneric(starttime, endtime, srcipaddr_has_any_prefix, dstipaddr_has_any_prefix, dstportnumber, url_has_any, httpuseragent_has_any, hostname_has_any, dvcaction, eventresult)