From 8e1b441333f56dc0eda7668ae01b23aeed4f0650 Mon Sep 17 00:00:00 2001
From: Yaron <49263271+YaronFruchtmann@users.noreply.github.com>
Date: Wed, 15 Dec 2021 17:02:31 +0200
Subject: [PATCH] passing correct value to disabled parameter
---
 .../ProductParsers/imNetworkSession.yaml | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/Parsers/ASimNetworkSession/ProductParsers/imNetworkSession.yaml b/Parsers/ASimNetworkSession/ProductParsers/imNetworkSession.yaml
index 50e7c067a1..025ee86a8b 100644
--- a/Parsers/ASimNetworkSession/ProductParsers/imNetworkSession.yaml
+++ b/Parsers/ASimNetworkSession/ProductParsers/imNetworkSession.yaml
@@ -1,7 +1,7 @@
 Parser:
 Title: Source Agnostic Network Session parser
- Version: '0.2'
- LastUpdated: Sep 12, 2021
+ Version: '0.3'
+ LastUpdated: Dec 15, 2021
 Product:
 Name: Source agnostic
 Normalization:
@@ -54,9 +54,9 @@ ParserQuery: |
 {
 union isfuzzy=true
 vimNetworkSessionEmpty
- , vimNetworkSessionLinuxSysmon (starttime, endtime, srcipaddr_has_any_prefix, dstipaddr_has_any_prefix, dstportnumber, url_has_any, httpuseragent_has_any, hostname_has_any, dvcaction, eventresult, disabled)
- , vimNetworkSessionMicrosoft365Defender (starttime, endtime, srcipaddr_has_any_prefix, dstipaddr_has_any_prefix, dstportnumber, url_has_any, httpuseragent_has_any, hostname_has_any, dvcaction, eventresult, disabled)
- , vimNetworkSessionMD4IoT (starttime, endtime, srcipaddr_has_any_prefix, dstipaddr_has_any_prefix, dstportnumber, url_has_any, httpuseragent_has_any, hostname_has_any, dvcaction, eventresult, disabled)
- , vimNetworkSessionMicrosoftWindowsEventFirewall (starttime, endtime, srcipaddr_has_any_prefix, dstipaddr_has_any_prefix, dstportnumber, url_has_any, httpuseragent_has_any, hostname_has_any, dvcaction, eventresult, disabled)
+ , vimNetworkSessionLinuxSysmon (starttime, endtime, srcipaddr_has_any_prefix, dstipaddr_has_any_prefix, dstportnumber, url_has_any, httpuseragent_has_any, hostname_has_any, dvcaction, eventresult, ASimBuiltInDisabled or ('ASimNetworkSessionLinuxSysmon' in (DisabledParsers) ))
+ , vimNetworkSessionMicrosoft365Defender (starttime, endtime, srcipaddr_has_any_prefix, dstipaddr_has_any_prefix, dstportnumber, url_has_any, httpuseragent_has_any, hostname_has_any, dvcaction, eventresult, ASimBuiltInDisabled or ('ASimNetworkSessionMicrosoft365Defender' in (DisabledParsers) ))
+ , vimNetworkSessionMD4IoT (starttime, endtime, srcipaddr_has_any_prefix, dstipaddr_has_any_prefix, dstportnumber, url_has_any, httpuseragent_has_any, hostname_has_any, dvcaction, eventresult, ASimBuiltInDisabled or ('ASimNetworkSessionMD4IoT' in (DisabledParsers) ))
+ , vimNetworkSessionMicrosoftWindowsEventFirewall (starttime, endtime, srcipaddr_has_any_prefix, dstipaddr_has_any_prefix, dstportnumber, url_has_any, httpuseragent_has_any, hostname_has_any, dvcaction, eventresult, ASimBuiltInDisabled or ('ASimNetworkSessionMicrosoftWindowsEventFirewall' in (DisabledParsers) ))
 };
 NetworkSessionsGeneric(starttime, endtime, srcipaddr_has_any_prefix, dstipaddr_has_any_prefix, dstportnumber, url_has_any, httpuseragent_has_any, hostname_has_any, dvcaction, eventresult)
\ No newline at end of file
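Review bot: The four literals passed as the last argument (`'ASimNetworkSessionLinuxSysmon'` and the three after it) use an `ASim…` name while the functions they gate are named `vimNetworkSession…`, and they are compared with the case-sensitive `in`. An operator's entry therefore only disables a leg if it matches the literal exactly. `DisabledParsers` and `ASimBuiltInDisabled` are defined outside this hunk, so the expected key format cannot be confirmed from here. Because the union is `isfuzzy=true`, a leg that fails to resolve may drop out without an error, so a mistake would presumably surface only as missing network-session data in detections built on this parser. I would compare with `in~ (DisabledParsers)` and add a comment above the union such as `// last argument: true when ASimBuiltInDisabled is set or this parser's name is listed in DisabledParsers`.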