on Jul 14, 2017This applies to only customers with Network Decoders deployed. The following table contains mapping for the discontinued flex parsers to the currently maintained Lua Parsers.
| Flex Parser Live Display Name | Flex Parser File Name | Lua Parser Equivalent Display Name | Lua Parser File Name |
|---|---|---|---|
| Advanced Windows Executable | advanced_windows_executable.flex | windows_executable | windows_executable.luax |
| AOL Instant Messenger Express | aim-express.flex | AIM_lua | aim.luax |
| Ares File Sharing Protocol | ares.flex | none |
|
| BGP Protocol Identification | bgp_identify.flex | BGP_lua | bgp.luax |
| BitTorrent | bittorrent.flex | bittorrent_lua | bittorrent.luax |
| Bittorrent Protocol Identification | bittorrent-id.flex | bittorrent_lua | bittorrent.luax |
| Blog Parser | blog.flex | none |
|
| Botnet Traffic Patterns | botnet.flex | none |
|
| Browser Detection | browser_detect.flex | HTTP_lua | http.luax |
| BROWSER-TYPE | user_agent.flex | HTTP_lua | http.luax |
| CMS Windows Executable | CMS_windows_executable_v5.flex | windows_executable | windows_executable.luax |
| CMS_Jackal_SSL_cert | CMS_Jackal_SSL_cert.flex | none |
|
| Crafted HTTP Header | crafted_http_header.flex | HTTP_lua | http.luax |
| Credit Card Detection | creditcard_detection.flex | creditcard_detection_lua | creditcard_detection.luax |
| DB2 Activity | db2.flex | db2_lua | db2.luax |
| DCE-RPC Protocol | dcerpc.flex | DCERPC | dcerpc.luax |
| Derusbi_Variant_Beacon | derusbi_variant.flex | Derusbi_Server_Handshake | derusbi_server.luax |
| Direct Connect Protocol | direct_connect.flex | none |
|
| DNS - Verbose | dns_verbose-flex.flex | DNS_verbose_lua | dns_verbose.luax |
| dr_watson | basic_dr_watson.flex | dr_watson_lua | basic_dr_watson.luax |
| Duqu Binary Detection | duqu.flex | duqu_lua | duqu.luax |
| EIN Detection | ein_detection.flex | ein_detection_lua | ein.luax |
| Email IP Detection | email_ip.flex | MAIL_lua | mail.luax |
| Encoded File Fingerprinting | encoded_file_fingerprinting.flex | fingerprint_office_lua, fingerprint_pdf_lua, fingerprint_rar_lua, fingerprint_rtf_lua, fingerprint_zip, windows_executable | fingerprint_office_lua.luax, fingerprint_pdf_lua.luax, fingerprint_rar_lua.luax, fingerprint_rtf_lua.luax, fingerprint_zip.luax, windows_executable.luax |
| Encoded Hashes (pwdump) | encoded_hashes.flex | pwdump | pwdump.luax |
| Enhanced IRC | irc.flex | IRC_verbose_lua | irc_verbose.luax |
| Enhanced Mail | mail-flex.flex | MAIL_lua | mail.luax |
| Exploit Link Files | exploit_lnk_file.flex | fingerprint_lnk_lua | fingerprint_lnk_lua.luax |
| Exploit Web Pages | exploit web pages.flex | HTML_threat | HTML_threat.luax |
| | facebook.flex | none |
|
| File Fingerprints | file_fingerprints.flex | none | Use the individual "fingerprint_*" parsers should be used in its place. |
| Fingerprint Access DB | fingerprint_access_db.flex | fingerprint_access_db_lua | fingerprint_access_db.luax |
| Fingerprint Apple Executable | fingerprint_apple_exec.flex | fingerprint_appleExec_lua | fingerprint_apple_exec.luax |
| Fingerprint Apple iOS App | fingerprint_apple_ios_app.flex | fingerprint_apple_ios_lua | fingerprint_apple_ios_app.luax |
| Fingerprint Apple iWork | fingerprint_apple_iwork.flex | fingerprint_apple_iwork_lua | fingerprint_apple_iwork.luax |
| Fingerprint Base64 SWF | fingerprint_base64_swf.flex | fingerprint_flash | fingerprint_flash.luax |
| Fingerprint Bittorrent | fingerprint_bittorrent.flex | bittorrent_lua | bittorrent.luax |
| Fingerprint CAB files | fingerprint_cab_files.flex | fingerprint_cab | fingerprint_cab.luax |
| Fingerprint CAD | fingerprint_cad.flex | fingerprint_cad_lua | fingerprint_cad.luax |
| Fingerprint CHM | fingerprint_chm.flex | fingerprint_chm_lua | fingerprint_chm.luax |
| Fingerprint CSS | fingerprint_css.flex | none |
|
| Fingerprint DMG | fingerprint_apple_dmg.flex | fingerprint_apple_dmg_lua | fingerprint_apple_dmg_lua.luax |
| Fingerprint Encrypted SWF | fingerprint_enc_swf.flex | fingerprint_flash | fingerprint_flash.luax |
| Fingerprint GIF | fingerprint_gif.flex | fingerprint_gif_lua | fingerprint_gif.luax |
| Fingerprint HTML | fingerprint_html.flex | none |
|
| Fingerprint JAR | fingerprint_jar.flex | fingerprint_java | fingerprint_java.luax |
| Fingerprint Java | fingerprint_java_class.flex | fingerprint_java | fingerprint_java.luax |
| Fingerprint Javascript | fingerprint_javascript.flex | fingerprint_javascript_lua | fingerprint_javascript.luax |
| Fingerprint JPG | fingerprint_jpg.flex | fingerprint_jpg_lua | fingerprint_jpg.luax |
| Fingerprint LNK | fingerprint_lnk.flex | fingerprint_lnk_lua | fingerprint_lnk.luax |
| Fingerprint MSSQL | fingerprint_mssql.flex | fingerprint_mssql_lua | fingerprint_mssql.luax |
| Fingerprint Office 2007 | fingerprint_office_2007.flex | fingerprint_office_lua | fingerprint_office.luax |
| Fingerprint Office95-2003 | fingerprint_office95-2003.flex | fingerprint_office_lua | fingerprint_office.luax |
| Fingerprint PDF | fingerprint_pdf.flex | fingerprint_pdf_lua | fingerprint_pdf.luax |
| Fingerprint PHP | fingerprint_php.flex | none |
|
| Fingerprint PKCS12 | fingerprint_pkcs12.flex | fingerprint_pkcs12_lua | fingerprint_pkcs12.luax |
| Fingerprint PNG | fingerprint_png.flex | fingerprint_png_lua | fingerprint_png.luax |
| Fingerprint Private Encryption Keys | fingerprint_private_encryption_keys.flex | Fingerprint_Private_Key | fingerprint_key.luax |
| Fingerprint RAR | fingerprint_rar.flex | fingerprint_rar_lua | fingerprint_rar.luax |
| Fingerprint RTF | fingerprint_rtf.flex | fingerprint_rtf_lua | fingerprint_rtf.luax |
| Fingerprint SWF | fingerprint_swf.flex | fingerprint_flash | fingerprint_flash.luax |
| Fingerprint Unix Script | fingerprint_unix_script.flex | fingerprint_unix_script_lua | fingerprint_unix_script.luax |
| Fingerprint Windows MSI | fingerprint_windows_msi_installer.flex | fingerprint_msi_lua | fingerprint_msi.luax |
| Fingerprint XML | fingerprint_xml.flex | none |
|
| Flame Malware Detection | flame.flex | none |
|
| Form Data | formdata.flex | Form_Data_lua | formdata.luax |
| Gh0st Protocol Parser | ghost_protocol.flex | ghost | ghost.luax |
| HTML Threat Analysis | HTML_Threat_Analysis.flex | HTML_threat | HTML_threat.luax |
| Htran | htran.flex | htran_lua | htran.luax |
| HTTP Connect | http_connect.flex | HTTP_lua | http.luax |
| HTTP Enhanced | http-flex.flex | HTTP_lua | http.luax |
| HTTP Error Codes | http_error_codes.flex | HTTP_lua | http.luax |
| HTTP Header | http_header.flex | HTTP_lua | http.luax |
| HTTP SQL Injection | http_sql_injection.flex | HTTP_SQL_Injection | http_sql_injection.luax |
| ICAP HTTP | icap_http.flex | HTTP_lua | http.luax |
| ICQ | aim-oscar.flex | AIM_lua | aim.luax |
| IMAP | imap-flex.flex | IMAP_lua | imap.luax |
| Internet Printing Protocol | ipp.flex | none |
|
| Java Script | javascript.flex | fingerprint_javascript_lua | fingerprint_javascript_lua.luax |
| Javascript Suspicious | javascript_suspicious.flex | fingerprint_javascript_lua | fingerprint_javascript_lua.luax |
| | linkedin.flex | none |
|
| LPD Protocol Parser | lpd_identify.flex | none |
|
| MAC to Vendor | mac_vendor.flex | ethernet_oui | ethernet_oui.luax |
| Malicious CHM | malware_chm.flex | fingerprint_chm_lua | fingerprint_chm_lua.luax |
| Malware PDF | malware_pdf.flex | fingerprint_pdf_lua | fingerprint_pdf_lua.luax |
| Mined Alexa Parsers | nwsiteclassify.flex | none |
|
| MODBUS | modbus-w_port.flex | modbus | modbus.luax |
| Network Filesystem-NFS | nfs-flex.flex | NFS_lua | nfs.luax |
| NTLMSSP | ntlmssp.flex | NTLMSSP_lua | ntlmssp.luax |
| NTP Parser | ntp_identify.flex | ntp_lua | ntp.luax |
| OCSP Protocol | ocsp.flex | OCSP_lua | ocsp.luax |
| OPRA Financial Protocol | opra.flex | none |
|
| OS Types | os_types.flex | HTTP_lua | http.luax |
| Packers | packers.flex | Packers | packers.luax |
| Phishing Detection | phishing.flex | phishing_lua | phishing.luax |
| PKware | pkware.flex | fingerprint_zip | fingerprint_zip.luax |
| QQ Chat Parser | qq.flex | QQ_lua | qq.luax |
| Query String Parser | querystring-elements.flex | HTTP_lua | http.luax |
| RIPng Protocol | ripng.flex | ripng_lua | ripng.luax |
| RSS Parser | rss.flex | none |
|
| RTMP Protocol | rtmp.flex | rtmp_lua | rtmp.luax |
| SCADA DNP3 | dnp3-w_port.flex | DNP3_lua | dnp3.luax |
| Search Queries | search_query.flex | Search_Engines | search_engines.luax |
| Servers | servers.flex | HTTP_lua | http.luax |
| ShadyRat | shadyrat.flex | shadyrat_lua | shadyrat.luax |
| SMB Protocol | smb.flex | SMB_lua | smb.luax |
| SMB Protocol Identification | smb-id.flex | SMB_lua | smb.luax |
| SOCKS | socks.flex | socks_lua | socks.luax |
| Soulseek Protocol | soulseek.flex | SoulSeek_lua | soulseek.luax |
| Spectrum 1.1 Parser | spectrum11.flex | spectrum_lua | spectrum.luax |
| Spectrum Consume | spectrum_parser.flex | spectrum_lua | spectrum.luax |
| Sun Remote Procedure Call- Sun RPC | sunrpc.flex | NFS_lua | NFS_lua.luax |
| TCP Flags | tcp-flags.flex | session_analysis | session_analysis.luax |
| TLD | tld.flex | TLD_lua | tld.luax |
| TLS | tls.flex | TLS_lua | tls.luax |
| TN3270 | tn3270E.flex | TN3270E_lua | tn3270e.luax |
| Trigon Data Exfiltration | trigon_data_exfiltration.flex | none |
|
| | twitter.flex | none |
|
| UQDF Protocol | uqdf.flex | none |
|
| URL in Email | email_url_host.flex | phishing_lua | phishing_lua.luax |
| User-Agent | user-agent.flex | HTTP_lua | HTTP_lua.luax |
| UTDF Financial Protocol | utdf.flex | none |
|
| Visualize | visualize.flex | none |
|
| VNC | vnc-rfb.flex | VNC | vnc.luax |
| Windows Command Shell | windows_command_shells.flex | windows_command_shell_lua | windows_command_shell.luax |
| X11 Protocol | x11.flex | X11_lua | x11.luax |
| X-Forwarded-For Parser | xfwdfor.flex | HTTP_lua | http.luax |
| XMPP/JABBER Protocol | xmpp.flex | none |
|
| XOR Executable | xor_executable.flex | xor_executable_lua | xor_executable.luax |
