Mapping of Flex to Lua Parsers

Document created by RSA Information Design and Development Employee on Jul 14, 2017Last modified by RSA Information Design and Development Employee on Feb 14, 2020
Version 131Show Document
  • View in full screen mode
 

This applies to only customers with Network Decoders deployed. The following table contains mapping for the discontinued flex parsers to the currently maintained Lua Parsers.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                     
Flex Parser Live Display NameFlex Parser File NameLua Parser Equivalent Display NameLua Parser File Name

Advanced Windows Executable

advanced_windows_executable.flex

windows_executable

windows_executable.luax

AOL Instant Messenger Express

aim-express.flex

AIM_lua

aim.luax

Ares File Sharing Protocol

ares.flex

none

 

BGP Protocol Identification

bgp_identify.flex

BGP_lua

bgp.luax

BitTorrent

bittorrent.flex

bittorrent_lua

bittorrent.luax

Bittorrent Protocol Identification

bittorrent-id.flex

bittorrent_lua

bittorrent.luax

Blog Parser

blog.flex

none

 

Botnet Traffic Patterns

botnet.flex

none

 

Browser Detection

browser_detect.flex

HTTP_lua

http.luax

BROWSER-TYPE

user_agent.flex

HTTP_lua

http.luax

CMS Windows Executable

CMS_windows_executable_v5.flex

windows_executable

windows_executable.luax

CMS_Jackal_SSL_cert

CMS_Jackal_SSL_cert.flex

none

 

Crafted HTTP Header

crafted_http_header.flex

HTTP_lua

http.luax

Credit Card Detection

creditcard_detection.flex

creditcard_detection_lua

creditcard_detection.luax

DB2 Activity

db2.flex

db2_lua

db2.luax

DCE-RPC Protocol

dcerpc.flex

DCERPC

dcerpc.luax

Derusbi_Variant_Beacon

derusbi_variant.flex

Derusbi_Server_Handshake

derusbi_server.luax

Direct Connect Protocol

direct_connect.flex

none

 

DNS - Verbose

dns_verbose-flex.flex

DNS_verbose_lua

dns_verbose.luax

dr_watson

basic_dr_watson.flex

dr_watson_lua

basic_dr_watson.luax

Duqu Binary Detection

duqu.flex

duqu_lua

duqu.luax

EIN Detection

ein_detection.flex

ein_detection_lua

ein.luax

Email IP Detection

email_ip.flex

MAIL_lua

mail.luax

Encoded File Fingerprinting

encoded_file_fingerprinting.flex

fingerprint_office_lua, fingerprint_pdf_lua, fingerprint_rar_lua, fingerprint_rtf_lua, fingerprint_zip, windows_executable

fingerprint_office_lua.luax, fingerprint_pdf_lua.luax, fingerprint_rar_lua.luax,  fingerprint_rtf_lua.luax,  fingerprint_zip.luax,  windows_executable.luax

Encoded Hashes (pwdump)

encoded_hashes.flex

pwdump

pwdump.luax

Enhanced IRC

irc.flex

IRC_verbose_lua

irc_verbose.luax

Enhanced Mail

mail-flex.flex

MAIL_lua

mail.luax

Exploit Link Files

exploit_lnk_file.flex

fingerprint_lnk_lua

fingerprint_lnk_lua.luax

Exploit Web Pages

exploit web pages.flex

HTML_threat

HTML_threat.luax

Facebook

facebook.flex

none

 

File Fingerprints

file_fingerprints.flex

none

Use the individual "fingerprint_*" parsers should be used in its place.

Fingerprint Access DB

fingerprint_access_db.flex

fingerprint_access_db_lua

fingerprint_access_db.luax

Fingerprint Apple Executable

fingerprint_apple_exec.flex

fingerprint_appleExec_lua

fingerprint_apple_exec.luax

Fingerprint Apple iOS App

fingerprint_apple_ios_app.flex

fingerprint_apple_ios_lua

fingerprint_apple_ios_app.luax

Fingerprint Apple iWork

fingerprint_apple_iwork.flex

fingerprint_apple_iwork_lua

fingerprint_apple_iwork.luax

Fingerprint Base64 SWF

fingerprint_base64_swf.flex

fingerprint_flash

fingerprint_flash.luax

Fingerprint Bittorrent

fingerprint_bittorrent.flex

bittorrent_lua

bittorrent.luax

Fingerprint CAB files

fingerprint_cab_files.flex

fingerprint_cab

fingerprint_cab.luax

Fingerprint CAD

fingerprint_cad.flex

fingerprint_cad_lua

fingerprint_cad.luax

Fingerprint CHM

fingerprint_chm.flex

fingerprint_chm_lua

fingerprint_chm.luax

Fingerprint CSS

fingerprint_css.flex

none

 

Fingerprint DMG

fingerprint_apple_dmg.flex

fingerprint_apple_dmg_lua

fingerprint_apple_dmg_lua.luax

Fingerprint Encrypted SWF

fingerprint_enc_swf.flex

fingerprint_flash

fingerprint_flash.luax

Fingerprint GIF

fingerprint_gif.flex

fingerprint_gif_lua

fingerprint_gif.luax

Fingerprint HTML

fingerprint_html.flex

none

 

Fingerprint JAR

fingerprint_jar.flex

fingerprint_java

fingerprint_java.luax

Fingerprint Java

fingerprint_java_class.flex

fingerprint_java

fingerprint_java.luax

Fingerprint Javascript

fingerprint_javascript.flex

fingerprint_javascript_lua

fingerprint_javascript.luax

Fingerprint JPG

fingerprint_jpg.flex

fingerprint_jpg_lua

fingerprint_jpg.luax

Fingerprint LNK

fingerprint_lnk.flex

fingerprint_lnk_lua

fingerprint_lnk.luax

Fingerprint MSSQL

fingerprint_mssql.flex

fingerprint_mssql_lua

fingerprint_mssql.luax

Fingerprint Office 2007

fingerprint_office_2007.flex

fingerprint_office_lua

fingerprint_office.luax

Fingerprint Office95-2003

fingerprint_office95-2003.flex

fingerprint_office_lua

fingerprint_office.luax

Fingerprint PDF

fingerprint_pdf.flex

fingerprint_pdf_lua

fingerprint_pdf.luax

Fingerprint PHP

fingerprint_php.flex

none

 

Fingerprint PKCS12

fingerprint_pkcs12.flex

fingerprint_pkcs12_lua

fingerprint_pkcs12.luax

Fingerprint PNG

fingerprint_png.flex

fingerprint_png_lua

fingerprint_png.luax

Fingerprint Private Encryption Keys

fingerprint_private_encryption_keys.flex

Fingerprint_Private_Key

fingerprint_key.luax

Fingerprint RAR

fingerprint_rar.flex

fingerprint_rar_lua

fingerprint_rar.luax

Fingerprint RTF

fingerprint_rtf.flex

fingerprint_rtf_lua

fingerprint_rtf.luax

Fingerprint SWF

fingerprint_swf.flex

fingerprint_flash

fingerprint_flash.luax

Fingerprint Unix Script

fingerprint_unix_script.flex

fingerprint_unix_script_lua

fingerprint_unix_script.luax

Fingerprint Windows MSI

fingerprint_windows_msi_installer.flex

fingerprint_msi_lua

fingerprint_msi.luax

Fingerprint XML

fingerprint_xml.flex

none

 

Flame Malware Detection

flame.flex

none

 

Form Data

formdata.flex

Form_Data_lua

formdata.luax

Gh0st Protocol Parser

ghost_protocol.flex

ghost

ghost.luax

HTML Threat Analysis

HTML_Threat_Analysis.flex

HTML_threat

HTML_threat.luax

Htran

htran.flex

htran_lua

htran.luax

HTTP Connect

http_connect.flex

HTTP_lua

http.luax

HTTP Enhanced

http-flex.flex

HTTP_lua

http.luax

HTTP Error Codes

http_error_codes.flex

HTTP_lua

http.luax

HTTP Header

http_header.flex

HTTP_lua

http.luax

HTTP SQL Injection

http_sql_injection.flex

HTTP_SQL_Injection

http_sql_injection.luax

ICAP HTTP

icap_http.flex

HTTP_lua

http.luax

ICQ

aim-oscar.flex

AIM_lua

aim.luax

IMAP

imap-flex.flex

IMAP_lua

imap.luax

Internet Printing Protocol

ipp.flex

none

 

Java Script

javascript.flex

fingerprint_javascript_lua

fingerprint_javascript_lua.luax

Javascript Suspicious

javascript_suspicious.flex

fingerprint_javascript_lua

fingerprint_javascript_lua.luax

LinkedIn

linkedin.flex

none

 

LPD Protocol Parser

lpd_identify.flex

none

 

MAC to Vendor

mac_vendor.flex

ethernet_oui

ethernet_oui.luax

Malicious CHM

malware_chm.flex

fingerprint_chm_lua

fingerprint_chm_lua.luax

Malware PDF

malware_pdf.flex

fingerprint_pdf_lua

fingerprint_pdf_lua.luax

Mined Alexa Parsers

nwsiteclassify.flex

none

 

MODBUS

modbus-w_port.flex

modbus

modbus.luax

Network Filesystem-NFS

nfs-flex.flex

NFS_lua

nfs.luax

NTLMSSP

ntlmssp.flex

NTLMSSP_lua

ntlmssp.luax

NTP Parser

ntp_identify.flex

ntp_lua

ntp.luax

OCSP Protocol

ocsp.flex

OCSP_lua

ocsp.luax

OPRA Financial Protocol

opra.flex

none

 

OS Types

os_types.flex

HTTP_lua

http.luax

Packers

packers.flex

Packers

packers.luax

Phishing Detection

phishing.flex

phishing_lua

phishing.luax

PKware

pkware.flex

fingerprint_zip

fingerprint_zip.luax

QQ Chat Parser

qq.flex

QQ_lua

qq.luax

Query String Parser

querystring-elements.flex

HTTP_lua

http.luax

RIPng Protocol

ripng.flex

ripng_lua

ripng.luax

RSS Parser

rss.flex

none

 

RTMP Protocol

rtmp.flex

rtmp_lua

rtmp.luax

SCADA DNP3

dnp3-w_port.flex

DNP3_lua

dnp3.luax

Search Queries

search_query.flex

Search_Engines

search_engines.luax

Servers

servers.flex

HTTP_lua

http.luax

ShadyRat

shadyrat.flex

shadyrat_lua

shadyrat.luax

SMB Protocol

smb.flex

SMB_lua

smb.luax

SMB Protocol Identification

smb-id.flex

SMB_lua

smb.luax

SOCKS

socks.flex

socks_lua

socks.luax

Soulseek Protocol

soulseek.flex

SoulSeek_lua

soulseek.luax

Spectrum 1.1 Parser

spectrum11.flex

spectrum_lua

spectrum.luax

Spectrum Consume

spectrum_parser.flex

spectrum_lua

spectrum.luax

Sun Remote Procedure Call- Sun RPC

sunrpc.flex

NFS_lua

NFS_lua.luax

TCP Flags

tcp-flags.flex

session_analysis

session_analysis.luax

TLD

tld.flex

TLD_lua

tld.luax

TLS

tls.flex

TLS_lua

tls.luax

TN3270

tn3270E.flex

TN3270E_lua

tn3270e.luax

Trigon Data Exfiltration

trigon_data_exfiltration.flex

none

 

Twitter

twitter.flex

none

 

UQDF Protocol

uqdf.flex

none

 

URL in Email

email_url_host.flex

phishing_lua

phishing_lua.luax

User-Agent

user-agent.flex

HTTP_lua

HTTP_lua.luax

UTDF Financial Protocol

utdf.flex

none

 

Visualize

visualize.flex

none

 

VNC

vnc-rfb.flex

VNC

vnc.luax

Windows Command Shell

windows_command_shells.flex

windows_command_shell_lua

windows_command_shell.luax

X11 Protocol

x11.flex

X11_lua

x11.luax

X-Forwarded-For Parser

xfwdfor.flex

HTTP_lua

http.luax

XMPP/JABBER Protocol

xmpp.flex

none

 

XOR Executable

xor_executable.flex

xor_executable_lua

xor_executable.luax

You are here
Table of Contents > Mapping of Flex to Lua Parsers

Attachments

    Outcomes