File uploaded by RSA Admin Employee on Dec 16, 2014. Last modified by RSA Admin Employee on Sep 21, 2015.
Version 6

PARSERS - A Treatise on Writing Packet Parsers for Security Analytics


If you're interested in learning to write your own custom packet parsers, this is the information you need.  It covers parser writing from the ground up.


It begins with the fundamentals, such as the role of parsers, what makes for good meta, and how parsers see sessions.  It covers the basics of finding, extracting, and registering meta, as well as how to debug your parser.  It discusses intermediate and advanced parser capabilities, as well as some alternate techniques.  It even includes a selection of parsers from Live in plaintext.


The book itself is provided in both Word and PDF.  The example parsers are included both as individual files and embedded in the Word document.


CAVEAT:  This isn't intended to be official documentation, and has not been blessed as such.