metron-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ma...@apache.org
Subject [09/18] metron git commit: METRON-962 Configuration Based Unit Tests and Add integration tests (justinleet via leet) closes apache/metron#612
Date Mon, 26 Jun 2017 17:27:30 GMT
http://git-wip-us.apache.org/repos/asf/metron/blob/5b72da7b/metron-platform/metron-parsers/src/test/java/org/apache/metron/parsers/lancope/BasicLancopeParserTest.java
----------------------------------------------------------------------
diff --git a/metron-platform/metron-parsers/src/test/java/org/apache/metron/parsers/lancope/BasicLancopeParserTest.java
b/metron-platform/metron-parsers/src/test/java/org/apache/metron/parsers/lancope/BasicLancopeParserTest.java
index bbb4e88..50fdcd0 100644
--- a/metron-platform/metron-parsers/src/test/java/org/apache/metron/parsers/lancope/BasicLancopeParserTest.java
+++ b/metron-platform/metron-parsers/src/test/java/org/apache/metron/parsers/lancope/BasicLancopeParserTest.java
@@ -17,145 +17,41 @@
  */
 package org.apache.metron.parsers.lancope;
 
+import com.github.fge.jsonschema.core.exceptions.ProcessingException;
 import java.io.IOException;
 import java.net.URL;
 import java.util.Map;
-
+import org.apache.metron.parsers.AbstractParserConfigTest;
 import org.json.simple.JSONObject;
 import org.json.simple.parser.JSONParser;
 import org.json.simple.parser.ParseException;
-
-import org.apache.metron.parsers.AbstractSchemaTest;
 import org.junit.Assert;
+import org.junit.Before;
+import org.junit.Test;
 
-  /**
- * <ul>
- * <li>Title: Junit for LancopeParserTest</li>
- * <li>Description: </li>
- * <li>Created: Aug 25, 2014</li>
- * </ul>
- * @version $Revision: 1.1 $
- */
-public class BasicLancopeParserTest extends AbstractSchemaTest {
-    
-    /**
-     * The inputStrings.
-     */
-     private static String[] inputStrings;    
+public class BasicLancopeParserTest extends AbstractParserConfigTest {
 
+  @Before
+  public void setUp() throws Exception {
+    inputStrings = super.readTestDataFromFile("src/test/resources/logData/LancopeParserTest.txt");
+    parser = new BasicLancopeParser();
 
-    /**
-     * The parser.
-     */
-    private static BasicLancopeParser parser=null;   
+    URL schema_url = getClass().getClassLoader().getResource(
+        "TestSchemas/LancopeSchema.json");
+    super.setSchemaJsonString(super.readSchemaFromFile(schema_url));
+  }
 
-    /**
-     * Constructs a new <code>BasicLancopeParserTest</code> instance.
-     * @param name
-     */
+  @Test
+  public void testParse() throws ParseException, IOException, ProcessingException {
+    for (String inputString : inputStrings) {
+      JSONObject parsed = parser.parse(inputString.getBytes()).get(0);
+      Assert.assertNotNull(parsed);
 
-    public BasicLancopeParserTest(String name) {
-        super(name);
-    }
+      JSONParser parser = new JSONParser();
 
-    /**
-     
-     * @throws java.lang.Exception
-     */
-    protected static void setUpBeforeClass() throws Exception {        
+      Map<?, ?> json = (Map<?, ?>) parser.parse(parsed.toJSONString());
+      Assert.assertTrue(validateJsonData(getSchemaJsonString(), json.toString()));
     }
-
-    /**
-     
-     * @throws java.lang.Exception
-     */
-    protected static void tearDownAfterClass() throws Exception {
-    }
-
-    /* 
-     * (non-Javadoc)
-     * @see junit.framework.TestCase#setUp()
-     */
-    @Override
-    protected void setUp() throws Exception {
-        super.setUp("org.apache.metron.parsers.lancope.BasicLancopeParserTest");
-        setInputStrings(super.readTestDataFromFile(this.getConfig().getString("logFile")));
-        BasicLancopeParserTest.setParser(new BasicLancopeParser());   
-        
-        URL schema_url = getClass().getClassLoader().getResource(
-            "TestSchemas/LancopeSchema.json");
-        super.setSchemaJsonString(super.readSchemaFromFile(schema_url));      
-    }
-
-    /* 
-     * (non-Javadoc)
-     * @see junit.framework.TestCase#tearDown()
-     */
-    @Override
-    protected void tearDown() throws Exception {
-        super.tearDown();
-    }
-
-    /**
-     * Test method for {@link BasicLancopeParser#parse(byte[])}.
-     * @throws Exception 
-     * @throws IOException 
-     */
-    public void testParse() throws IOException, Exception {
-        
-        for (String inputString : getInputStrings()) {
-            JSONObject parsed = parser.parse(inputString.getBytes()).get(0);
-            assertNotNull(parsed);
-        
-            System.out.println(parsed);
-            JSONParser parser = new JSONParser();
-
-            Map<?, ?> json=null;
-            try {
-                json = (Map<?, ?>) parser.parse(parsed.toJSONString());
-                Assert.assertEquals(true, validateJsonData(super.getSchemaJsonString(), json.toString()));
-            } catch (ParseException e) {
-                e.printStackTrace();
-            }
-        }
-    }
-
-    /**
-    * Returns the parser.
-    * @return the parser.
-    */
-   
-   public static BasicLancopeParser getParser() {
-       return parser;
-   }
-
-   /**
-    * Sets the parser.
-    * @param parser the parser.
-    */
-   
-   public static void setParser(BasicLancopeParser parser) {
-   
-       BasicLancopeParserTest.parser = parser;
-   }
-
-   /**
-    * Returns the inputStrings.
-    * @return the inputStrings.
-    */
-   
-   public static String[] getInputStrings() {
-       return inputStrings;
-   }
-
-   /**
-    * Sets the inputStrings.
-    * @param inputStrings the inputStrings.
-    */
-   
-   public static void setInputStrings(String[] inputStrings) {
-   
-       BasicLancopeParserTest.inputStrings = inputStrings;
-   }   
+  }
 }
 

http://git-wip-us.apache.org/repos/asf/metron/blob/5b72da7b/metron-platform/metron-parsers/src/test/java/org/apache/metron/parsers/paloalto/BasicPaloAltoFirewallParserTest.java
----------------------------------------------------------------------
diff --git a/metron-platform/metron-parsers/src/test/java/org/apache/metron/parsers/paloalto/BasicPaloAltoFirewallParserTest.java
b/metron-platform/metron-parsers/src/test/java/org/apache/metron/parsers/paloalto/BasicPaloAltoFirewallParserTest.java
index 6edd546..cf93c92 100644
--- a/metron-platform/metron-parsers/src/test/java/org/apache/metron/parsers/paloalto/BasicPaloAltoFirewallParserTest.java
+++ b/metron-platform/metron-parsers/src/test/java/org/apache/metron/parsers/paloalto/BasicPaloAltoFirewallParserTest.java
@@ -17,141 +17,41 @@
  */
 package org.apache.metron.parsers.paloalto;
 
-import java.util.Iterator;
 import java.util.Map;
-
-import org.apache.metron.parsers.sourcefire.BasicSourcefireParser;
+import java.util.Map.Entry;
+import org.apache.metron.parsers.AbstractParserConfigTest;
 import org.json.simple.JSONObject;
 import org.json.simple.parser.JSONParser;
 import org.json.simple.parser.ParseException;
-
-import org.apache.metron.parsers.AbstractConfigTest;
 import org.junit.Assert;
-
-public class BasicPaloAltoFirewallParserTest extends AbstractConfigTest {
-    /**
-    * The inputStrings.
-    */
-   private static String[] inputStrings;
-
-    /**
-     * Constructs a new <code>BasicPaloAltoFirewallParserTest</code> instance.
-     * @throws Exception
-     */ 
-    public BasicPaloAltoFirewallParserTest() throws Exception {
-        super();        
+import org.junit.Before;
+import org.junit.Test;
+
+public class BasicPaloAltoFirewallParserTest extends AbstractParserConfigTest {
+
+  @Before
+  public void setUp() throws Exception {
+    inputStrings = readTestDataFromFile(
+        "src/test/resources/logData/PaloAltoFirewallParserTest.txt");
+    parser = new BasicPaloAltoFirewallParser();
+  }
+
+  @SuppressWarnings({"rawtypes"})
+  @Test
+  public void testParse() throws ParseException {
+    for (String inputString : inputStrings) {
+      JSONObject parsed = parser.parse(inputString.getBytes()).get(0);
+      Assert.assertNotNull(parsed);
+
+      JSONParser parser = new JSONParser();
+      Map json = (Map) parser.parse(parsed.toJSONString());
+
+      for (Object o : json.entrySet()) {
+        Entry entry = (Entry) o;
+        String key = (String) entry.getKey();
+        String value = json.get(key).toString();
+        Assert.assertNotNull(value);
+      }
     }
-
-     /**
-     * Sets the inputStrings.
-     * @param inputStrings the inputStrings.
-     */
-        
-    public static void setInputStrings(String[] inputStrings) {
-    
-        BasicPaloAltoFirewallParserTest.inputStrings = inputStrings;
-    }
-
-     /**
-     * The paParser.
-     */
-    private BasicPaloAltoFirewallParser paParser=null;
-
-		/**
-		 * @throws java.lang.Exception
-		 */
-		public static void setUpBeforeClass() throws Exception {
-		}
-
-		/**
-		 * @throws java.lang.Exception
-		 */
-		public static void tearDownAfterClass() throws Exception {
-			setPAStrings(null);
-		}
-
-		/**
-		 * @throws java.lang.Exception
-		 */
-		@Override
-		public void setUp() throws Exception {
-	          super.setUp("org.apache.metron.parsers.paloalto.BasicPaloAltoFirewallParserTest");
-	          setPAStrings(super.readTestDataFromFile(this.getConfig().getString("logFile")));
-	          paParser = new BasicPaloAltoFirewallParser();           
-		}
-
-		/**
-		 * 	
-		 * 	
-		 * @throws java.lang.Exception
-		 */
-		@Override
-		public void tearDown() throws Exception {
-			paParser = null;
-		}
-
-		/**
-		 * Test method for
-		 * {@link BasicSourcefireParser#parse(byte[])}.
-		 */
-		@SuppressWarnings({ "rawtypes" })
-		public void testParse() {
-			for (String inputString : getInputStrings()) {
-				JSONObject parsed = paParser.parse(inputString.getBytes()).get(0);
-				Assert.assertNotNull(parsed);
-			
-				System.out.println(parsed);
-				JSONParser parser = new JSONParser();
-
-				Map json=null;
-				try {
-					json = (Map) parser.parse(parsed.toJSONString());
-				} catch (ParseException e) {
-					e.printStackTrace();
-				}
-				Iterator iter = json.entrySet().iterator();
-				
-
-				while (iter.hasNext()) {
-					Map.Entry entry = (Map.Entry) iter.next();
-					String key = (String) entry.getKey();
-					String value = (String) json.get(key).toString();
-					Assert.assertNotNull(value);
-				}
-			}
-		}
-
-		/**
-		 * Returns  Input String
-		 */
-		public static String[] getInputStrings() {
-			return inputStrings;
-		}
-
-			
-		/**
-		 * Sets  Input String
-		 */	
-		public static void setPAStrings(String[] strings) {
-			BasicPaloAltoFirewallParserTest.inputStrings = strings;
-		}
-        
-        /**
-         * Returns the paParser.
-         * @return the paParser.
-         */
-        public BasicPaloAltoFirewallParser getPaParser() {
-            return paParser;
-        }
-
-        /**
-         * Sets the paParser.
-         * @param paParser the paParser.
-         */
-        
-        public void setPaParser(BasicPaloAltoFirewallParser paParser) {
-        
-            this.paParser = paParser;
-        }
-
-	}
+  }
+}

http://git-wip-us.apache.org/repos/asf/metron/blob/5b72da7b/metron-platform/metron-parsers/src/test/java/org/apache/metron/parsers/sourcefire/BasicSourcefireParserTest.java
----------------------------------------------------------------------
diff --git a/metron-platform/metron-parsers/src/test/java/org/apache/metron/parsers/sourcefire/BasicSourcefireParserTest.java
b/metron-platform/metron-parsers/src/test/java/org/apache/metron/parsers/sourcefire/BasicSourcefireParserTest.java
index f5056ba..dedd9db 100644
--- a/metron-platform/metron-parsers/src/test/java/org/apache/metron/parsers/sourcefire/BasicSourcefireParserTest.java
+++ b/metron-platform/metron-parsers/src/test/java/org/apache/metron/parsers/sourcefire/BasicSourcefireParserTest.java
@@ -17,142 +17,42 @@
  */
 package org.apache.metron.parsers.sourcefire;
 
-
-
-import java.util.Iterator;
 import java.util.Map;
-
+import java.util.Map.Entry;
+import org.apache.metron.parsers.AbstractParserConfigTest;
 import org.json.simple.JSONObject;
 import org.json.simple.parser.JSONParser;
 import org.json.simple.parser.ParseException;
-
-import org.apache.metron.parsers.AbstractConfigTest;
 import org.junit.Assert;
-
-/**
- * <ul>
- * <li>Title: Test For SourceFireParser</li>
- * <li>Description: </li>
- * <li>Created: July 8, 2014</li>
- * </ul>
- * @version $Revision: 1.0 $
- */
-public class BasicSourcefireParserTest extends AbstractConfigTest
-{
-     /**
-     * The sourceFireStrings.
-     */    
-    private static String[] sourceFireStrings;
-    
-     /**
-     * The sourceFireParser.
-     */
-    private BasicSourcefireParser sourceFireParser=null;
-
-
-    /**
-     * Constructs a new <code>BasicSourcefireParserTest</code> instance.
-     * @throws Exception
-     */
-     
-    public BasicSourcefireParserTest() throws Exception {
-        super();  
+import org.junit.Before;
+import org.junit.Test;
+
+public class BasicSourcefireParserTest extends AbstractParserConfigTest {
+
+  @Before
+  public void setUp() throws Exception {
+    inputStrings = super
+        .readTestDataFromFile("src/test/resources/logData/SourcefireParserTest.txt");
+    parser = new BasicSourcefireParser();
+  }
+
+  @SuppressWarnings({"rawtypes", "unused"})
+  @Test
+  public void testParse() throws ParseException {
+    for (String inputString : inputStrings) {
+      byte[] srcBytes = inputString.getBytes();
+      JSONObject parsed = parser.parse(inputString.getBytes()).get(0);
+      Assert.assertNotNull(parsed);
+
+      JSONParser parser = new JSONParser();
+      Map json = (Map) parser.parse(parsed.toJSONString());
+
+      for (Object o : json.entrySet()) {
+        Entry entry = (Entry) o;
+        String key = (String) entry.getKey();
+        String value = json.get("original_string").toString();
+        Assert.assertNotNull(value);
+      }
     }
-    
-	/**
-	 * @throws java.lang.Exception
-	 */
-	public static void setUpBeforeClass() throws Exception {
-	}
-
-	/**
-	 * @throws java.lang.Exception
-	 */
-	public static void tearDownAfterClass() throws Exception {
-		setSourceFireStrings(null);
-	}
-
-	/**
-	 * @throws java.lang.Exception
-	 */
-	@Override
-	public void setUp() throws Exception {
-        super.setUp("org.apache.metron.parsing.test.BasicSoureceFireParserTest");
-        setSourceFireStrings(super.readTestDataFromFile(this.getConfig().getString("logFile")));
-        sourceFireParser = new BasicSourcefireParser();
-	}
-
-	/**
-	 * 	
-	 * 	
-	 * @throws java.lang.Exception
-	 */
-	@Override
-	public void tearDown() throws Exception {
-		sourceFireParser = null;
-	}
-
-	/**
-	 * Test method for {@link BasicSourcefireParser#parse(byte[])}.
-	 */
-	@SuppressWarnings({ "rawtypes", "unused" })
-	public void testParse() {
-		for (String sourceFireString : getSourceFireStrings()) {
-		    byte[] srcBytes = sourceFireString.getBytes();
-			JSONObject parsed = sourceFireParser.parse(sourceFireString.getBytes()).get(0);
-			Assert.assertNotNull(parsed);
-		
-			System.out.println(parsed);
-			JSONParser parser = new JSONParser();
-
-			Map json=null;
-			try {
-				json = (Map) parser.parse(parsed.toJSONString());
-			} catch (ParseException e) {
-				e.printStackTrace();
-			}
-			Iterator iter = json.entrySet().iterator();
-			
-
-			while (iter.hasNext()) {
-				Map.Entry entry = (Map.Entry) iter.next();
-				String key = (String) entry.getKey();
-				String value = (String) json.get("original_string").toString();
-				Assert.assertNotNull(value);
-			}
-		}
-	}
-
-	/**
-	 * Returns SourceFire Input String
-	 */
-	public static String[] getSourceFireStrings() {
-		return sourceFireStrings;
-	}
-
-		
-	/**
-	 * Sets SourceFire Input String
-	 */	
-	public static void setSourceFireStrings(String[] strings) {
-		BasicSourcefireParserTest.sourceFireStrings = strings;
-	}
-    /**
-    * Returns the sourceFireParser.
-    * @return the sourceFireParser.
-    */
-   
-   public BasicSourcefireParser getSourceFireParser() {
-       return sourceFireParser;
-   }
-
-   /**
-    * Sets the sourceFireParser.
-    * @param sourceFireParser the sourceFireParser.
-    */
-   
-   public void setSourceFireParser(BasicSourcefireParser sourceFireParser) {
-   
-       this.sourceFireParser = sourceFireParser;
-   }	
+  }
 }

http://git-wip-us.apache.org/repos/asf/metron/blob/5b72da7b/metron-platform/metron-parsers/src/test/resources/config/GrokAsaParserTest.config
----------------------------------------------------------------------
diff --git a/metron-platform/metron-parsers/src/test/resources/config/GrokAsaParserTest.config
b/metron-platform/metron-parsers/src/test/resources/config/GrokAsaParserTest.config
deleted file mode 100644
index 9dbc3b6..0000000
--- a/metron-platform/metron-parsers/src/test/resources/config/GrokAsaParserTest.config
+++ /dev/null
@@ -1,20 +0,0 @@
-#
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements.  See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership.  The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License.  You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
-#GrokParserTestConfig
-logFile=src/test/resources/GrokParserTest.log

http://git-wip-us.apache.org/repos/asf/metron/blob/5b72da7b/metron-platform/metron-parsers/src/test/resources/logData/FireEyeParserTest.txt
----------------------------------------------------------------------
diff --git a/metron-platform/metron-parsers/src/test/resources/logData/FireEyeParserTest.txt
b/metron-platform/metron-parsers/src/test/resources/logData/FireEyeParserTest.txt
new file mode 100644
index 0000000..f3be97a
--- /dev/null
+++ b/metron-platform/metron-parsers/src/test/resources/logData/FireEyeParserTest.txt
@@ -0,0 +1,8 @@
+<164>Mar 19 05:24:39 10.220.15.15 fenotify-851983.alert: CEF:0|FireEye|CMS|7.2.1.244420|DM|domain-match|1|rt=Feb
09 2015 12:28:26 UTC dvc=10.201.78.57 cn3Label=cncPort cn3=53 cn2Label=sid cn2=80494706 shost=dev001srv02.example.com
proto=udp cs5Label=cncHost cs5=mfdclk001.org dvchost=DEVFEYE1 spt=54527 dvc=10.100.25.16 smac=00:00:0c:07:ac:00
cn1Label=vlan cn1=0 externalId=851983 cs4Label=link cs4=https://DEVCMS01.example.com/event_stream/events_for_bot?ev_id\\=851983
dmac=00:1d:a2:af:32:a1 cs1Label=sname cs1=Trojan.Generic.DNS
+<164>Mar 19 05:24:39 10.220.15.15 fenotify-851987.alert: CEF:0|FireEye|CMS|7.2.1.244420|DM|domain-match|1|rt=Feb
09 2015 12:33:41 UTC dvc=10.201.78.113 cn3Label=cncPort cn3=53 cn2Label=sid cn2=80494706 shost=dev001srv02.example.com
proto=udp cs5Label=cncHost cs5=mfdclk001.org dvchost=DEVFEYE1 spt=51218 dvc=10.100.25.16 smac=00:00:0c:07:ac:00
cn1Label=vlan cn1=0 externalId=851987 cs4Label=link cs4=https://DEVCMS01.example.com/event_stream/events_for_bot?ev_id\\=851987
dmac=00:1d:a2:af:32:a1 cs1Label=sname cs1=Trojan.Generic.DNS
+<164>Mar 19 05:24:39 10.220.15.15 fenotify-3483808.2.alert: 1::~~User-Agent: WinHttpClient::~~Host:
www.microads.me::~~Connection: Keep-Alive::~~::~~GET /files/microads/update/InjectScript.js
HTTP/1.1::~~User-Agent: WinHttpClient::~~Host: www.microads.me::~~Connection: Keep-Alive::~~::~~GET
/files/microads/update/InjectScript.js HTTP/1.1::~~User-Agent: WinHttpClient::~~Host: www.microads.me::~~Connection:
Keep-Alive::~~::~~GET /files/microads/update/InjectScript.js HTTP/1.1::~~User-Agent: WinHttpClient::~~Host:
www.microads.me::~~Connection: Keep-Alive::~~::~~GET /files/microads/update/InjectScript.js
HTTP/1.1::~~User-Agent: WinHttpClient::~~Host: www.microads.me::~~Connection: Keep-Alive::~~::~~GET
/files/microads/update/InjectScript.js HTTP/1.1::~~User-Agent: WinHttpClient::~~Host: www.microads.me::~~Connection:
Keep-Alive::~~::~~GET /files/microads/update/InjectScript.js HTTP/1.1::~~User-Agent: WinHttpClient::~~Host:
www.microads.me::~~Connection: Keep-Alive::~~::~~GET /files/mic
 roads/update/InjectScript.js HTTP
+<164>Mar 19 05:24:39 10.220.15.15 fenotify-793972.2.alert: Control: no-cache::~~::~~
dmac=00:1d:a2:af:32:a1 cs1Label=sname cs1=Exploit.Kit.Magnitude
+<161>Apr  1 05:24:39 10.220.15.15 fenotify-864461.alert: CEF:0|FireEye|CMS|7.5.1.318703|DM|domain-match|1|rt=Mar
19 2015 12:23:47 UTC src=10.191.193.20 cn3Label=cncPort cn3=53 cn2Label=sid cn2=80494706 shost=abc123.example.com
proto=udp spt=60903 cs5Label=cncHost cs5=mfdclk001.org dvchost=ABC123 dvc=10.190.1.16 smac=00:00:0c:07:ac:c8
cn1Label=vlan cn1=0 externalId=864461 cs4Label=link cs4=https:\/\/ABC123.example.com\/event_stream\/events_for_bot?ev_id\\=864461
act=notified dmac=88:43:e1:95:13:29 cs1Label=sname cs1=Trojan.Generic.DNS
+fireeye[-]: <161>Mar 19 05:24:39 10.220.15.15 fenotify-864461.alert: CEF:0|FireEye|CMS|7.5.1.318703|DM|domain-match|1|rt=Mar
19 2015 12:23:47 UTC src=10.191.193.20 cn3Label=cncPort cn3=53 cn2Label=sid cn2=80494706 shost=abc123.example.com
proto=udp spt=60903 cs5Label=cncHost cs5=mfdclk001.org dvchost=ABC123 dvc=10.190.1.16 smac=00:00:0c:07:ac:c8
cn1Label=vlan cn1=0 externalId=864461 cs4Label=link cs4=https:\/\/ABC123.example.com\/event_stream\/events_for_bot?ev_id\\=864461
act=notified dmac=88:43:e1:95:13:29 cs1Label=sname cs1=Trojan.Generic.DNS
+fireeye[-]: <161>Apr  1 02:49:49 10.220.15.15 fenotify-900702.alert: CEF:0|FireEye|CMS|7.5.1.318703|DM|domain-match|1|rt=Apr
01 2015 09:49:14 UTC src=10.1.97.20 cn3Label=cncPort cn3=53 cn2Label=sid cn2=80494706 shost=abcd0060xzy03.example.com
proto=udp spt=63100 cs5Label=cncHost cs5=mfdclk001.org dvchost=DEV1FEYE1 dvc=10.220.15.16
smac=00:00:0c:07:ac:00 cn1Label=vlan cn1=0 externalId=900702 cs4Label=link cs4=https://ABCD0040CMS01.example.com/event_stream/events_for_bot?ev_id\=900702
act=notified dmac=00:1d:a2:af:32:a1 cs1Label=sname cs1=Trojan.Generic.DNS
+<161>Apr 11 05:24:39 10.220.15.15 fenotify-864461.alert: CEF:0|FireEye|CMS|7.5.1.318703|DM|domain-match|1|rt=Mar
19 2015 12:23:47 UTC src=10.191.193.20 cn3Label=cncPort cn3=53 cn2Label=sid cn2=80494706 shost=abc123.example.com
proto=udp spt=60903 cs5Label=cncHost cs5=mfdclk001.org dvchost=ABC123 dvc=10.190.1.16 smac=00:00:0c:07:ac:c8
cn1Label=vlan cn1=0 externalId=864461 cs4Label=link cs4=https:\/\/ABC123.example.com\/event_stream\/events_for_bot?ev_id\\=864461
act=notified dmac=88:43:e1:95:13:29 cs1Label=sname cs1=Trojan.Generic.DNS
\ No newline at end of file


Mime
View raw message