My Second LUA Parser - Writes Attachment Meta into Filename Meta

Document created by RSA Admin Employee on Dec 3, 2015

Hi, this is a simple LUA parser that just takes what is in the Attachment meta field and writes it into the Filename meta field.


The background to this is that I was getting phishing emails that would have suspicious attachments on them. These were flagged as suspicious by the system, but the meta was being written into the attachment field.


I also have a log decoder in my system and my antivirus system was logging the same attachment under the filename meta.

This made it difficult to pivot around the same meta.


Here is my Simple LUA Parser as a solution
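
An added example, not the author's attached parser: one way to write such a parser with the NetWitness Lua parser API (`nw.createParser`, `setKeys`, `setCallbacks`, `nw.createMeta`). The parser name, description and callback name are assumptions; the meta keys `attachment` and `filename` are the ones named above.

```lua
-- Added example: copies every `attachment` meta value into `filename`
-- so email sessions and antivirus logs can be pivoted on the same key.
-- Parser name and description are assumptions chosen for illustration.
local parser = nw.createParser("attachment_to_filename",
                               "Copy attachment meta into filename meta")

-- Declare the meta key this parser writes.
parser:setKeys({
    nwlanguagekey.create("filename"),
})

-- Meta callback: runs each time `attachment` meta is registered
-- in the session by another parser (for example the mail parser).
function parser:onAttachment(index, value)
    -- Skip empty values so no blank filename meta is created.
    if value and #value > 0 then
        nw.createMeta(self.keys.filename, value)
    end
end

-- Register the callback against the `attachment` meta key.
parser:setCallbacks({
    [nwlanguagekey.create("attachment")] = parser.onAttachment,
})
```

The original `attachment` meta is left in place; the value is only duplicated under `filename`.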
