000032217 - What criteria does RSA Security Analytics Malware Analysis use to decide whether to create the spectrum.analyze or spectrum.analyze11 meta?

Document created by RSA Customer Support Employee on Jun 14, 2016. Last modified by RSA Customer Support Employee on Aug 5, 2017.
Version 3

Article Content

Article Number: 000032217
Applies To: RSA Product Set: Security Analytics
RSA Product/Service Type: Malware Analysis
Platform: CentOS
O/S Version: EL5 / EL6
Tasks: What criteria does Malware Analysis use to decide whether to create the spectrum.analyze or spectrum.analyze11 meta?
Resolution

spectrum.analyze - The Decoder creates this meta based on the file types seen in the session and the total file size. The file types are EXE, RAR, ZIP, base64-encoded ZIP, base64-encoded RAR and base64-encoded EXE. The maximum total file size is 16 MB.


spectrum.analyze11 - The Decoder creates this meta based on the file types seen in the session and the total file size. The file types are Office 95-2003 Word document, Office 95-2003 Excel document, Office 95-2003 PowerPoint document, Office 95-2003 document, Office 2007 document, PDF and RTF. The maximum total file size is 16 MB.
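As an added illustration (not RSA's parser code), the following Python classifier applies the criteria above to constructed session payloads: it recognises the listed file types by their well-known magic bytes (including the base64-encoded variants, by decoding a prefix), enforces the 16 MB total-size cap, and returns the meta keys a Decoder would create for the session. The signatures and the Office 2007 (OOXML) heuristic are assumptions of this example; the actual detection logic of the spectrum parsers is not described in this article.

```python
import base64
from typing import List, Optional, Set

MAX_TOTAL_SIZE = 16 * 1024 * 1024  # 16 MB cap stated in the article

# Well-known magic bytes (assumed for this example). OLE2 compound files
# cover Office 95-2003 Word/Excel/PowerPoint; PK covers ZIP and also the
# OOXML container used by Office 2007 documents.
SIGNATURES = {
    "exe": b"MZ",
    "rar": b"Rar!",
    "zip": b"PK\x03\x04",
    "ole2": b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1",
    "pdf": b"%PDF",
    "rtf": b"{\\rtf",
}
ANALYZE_TYPES = {"exe", "rar", "zip", "b64_exe", "b64_rar", "b64_zip"}
ANALYZE11_TYPES = {"ole2", "office2007", "pdf", "rtf"}


def identify(blob: bytes) -> Optional[str]:
    """Classify one file body; returns None for anything not in the lists."""
    for name, magic in SIGNATURES.items():
        if blob.startswith(magic):
            # Heuristic: an OOXML package names [Content_Types].xml early on.
            if name == "zip" and b"[Content_Types].xml" in blob[:512]:
                return "office2007"
            return name
    # Base64 variants: decode a short 4-aligned prefix and re-check the magic.
    head = blob[:64].strip()
    head = head[: len(head) - len(head) % 4]
    try:
        decoded = base64.b64decode(head, validate=True)
    except (ValueError, TypeError):
        return None
    for name in ("exe", "rar", "zip"):
        if decoded.startswith(SIGNATURES[name]):
            return "b64_" + name
    return None


def spectrum_meta(files: List[bytes]) -> Set[str]:
    """Meta keys created for a session given the file bodies it carried."""
    if sum(len(f) for f in files) > MAX_TOTAL_SIZE:
        return set()  # over the cap: neither key is created
    meta = set()
    for blob in files:
        kind = identify(blob)
        if kind in ANALYZE_TYPES:
            meta.add("spectrum.analyze")
        elif kind in ANALYZE11_TYPES:
            meta.add("spectrum.analyze11")
    return meta


# Constructed sample payloads (not real malware, just headers plus padding).
SAMPLE_EXE = b"MZ\x90\x00" + b"\x00" * 60
SAMPLE_B64_EXE = base64.b64encode(SAMPLE_EXE)
SAMPLE_PDF = b"%PDF-1.4\n" + b"\x00" * 32
SAMPLE_OOXML = b"PK\x03\x04" + b"\x00" * 26 + b"[Content_Types].xml"
SAMPLE_TEXT = b"hello world, nothing to analyze here"
```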

Notes: The following parsers are required to generate the spectrum.analyze and spectrum.analyze11 meta:
spectrum_lua
or
Spectrum Consume and Spectrum 1.1 Parser
Deploying the above parsers from Live will also deploy some additional resources that the spectrum parsers depend on.