Article Content
Article Number | 000032217 |
Applies To | RSA Product Set: Security Analytics; RSA Product/Service Type: Malware Analysis; Platform: CentOS; O/S Version: EL5 / EL6 |
Tasks | What are the criteria by which Malware Analysis decides to use the spectrum.analyze and spectrum.analyze11 meta? |
Resolution | spectrum.analyze: The Decoder creates this meta based on the file types seen in the session and the total file size. The file types are EXE, RAR, ZIP, base64-encoded ZIP, base64-encoded RAR and base64-encoded EXE. The maximum file size is 16 MB. spectrum.analyze11: The Decoder creates this meta based on the file type seen in the session and the total file size. The file types are Office 95-2003 Word document, Office 95-2003 Excel document, Office 95-2003 PowerPoint document, Office 95-2003 document, Office 2007 document, PDF and RTF. The maximum file size is 16 MB. |
Notes | The following parsers are required to generate the spectrum.analyze and spectrum.analyze11 meta: spectrum_lua, or Spectrum Consume and Spectrum 1.1 Parser. Deploying the above parser from Live will also deploy some additional resources that have dependencies on the spectrum parsers. |