Mapping of Flex to Lua Parsers

Document created by RSA Information Design and Development on Jul 14, 2017. Last modified by RSA Information Design and Development on Oct 8, 2018.
Version 77
 

This applies only to customers with Network Decoders deployed. The table maps deprecated Flex parsers to the currently maintained Lua parsers.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        
| Flex Parser Live Display Name | Flex Parser File Name | Lua Parser Equivalent Display Name | Lua Parser File Name | Notes |
|---|---|---|---|---|
| Advanced Windows Executable | advanced_windows_executable.flex | windows_executable | windows_executable.luax | |
| AOL Instant Messenger Express | aim-express.flex | AIM_lua | aim.luax | |
| Ares File Sharing Protocol | ares.flex | none | | |
| BGP Protocol Identification | bgp_identify.flex | BGP_lua | bgp.luax | |
| BitTorrent | bittorrent.flex | bittorrent_lua | bittorrent.luax | |
| Bittorrent Protocol Identification | bittorrent-id.flex | bittorrent_lua | bittorrent.luax | |
| Blog Parser | blog.flex | none | | |
| Botnet Traffic Patterns | botnet.flex | none | | |
| Browser Detection | browser_detect.flex | HTTP_lua | http.luax | |
| BROWSER-TYPE | user_agent.flex | HTTP_lua | http.luax | |
| CMS Windows Executable | CMS_windows_executable_v5.flex | windows_executable | windows_executable.luax | |
| CMS_Jackal_SSL_cert | CMS_Jackal_SSL_cert.flex | none | | |
| Crafted HTTP Header | crafted_http_header.flex | HTTP_lua | http.luax | |
| Credit Card Detection | creditcard_detection.flex | creditcard_detection_lua | creditcard_detection.luax | |
| DB2 Activity | db2.flex | db2_lua | db2.luax | |
| DCE-RPC Protocol | dcerpc.flex | DCERPC | dcerpc.luax | |
| Derusbi_Variant_Beacon | derusbi_variant.flex | Derusbi_Server_Handshake | derusbi_server.luax | |
| Direct Connect Protocol | direct_connect.flex | none | | |
| DNS - Verbose | dns_verbose-flex.flex | DNS_verbose_lua | dns_verbose.luax | |
| dr_watson | basic_dr_watson.flex | dr_watson_lua | basic_dr_watson.luax | |
| Duqu Binary Detection | duqu.flex | duqu_lua | duqu.luax | |
| EIN Detection | ein_detection.flex | ein_detection_lua | ein.luax | |
| Email IP Detection | email_ip.flex | MAIL_lua | mail.luax | |
| Encoded File Fingerprinting | encoded_file_fingerprinting.flex | fingerprint_office_lua, fingerprint_pdf_lua, fingerprint_rar_lua, fingerprint_rtf_lua, fingerprint_zip, windows_executable | fingerprint_office_lua.luax, fingerprint_pdf_lua.luax, fingerprint_rar_lua.luax, fingerprint_rtf_lua.luax, fingerprint_zip.luax, windows_executable.luax | |
| Encoded Hashes (pwdump) | encoded_hashes.flex | pwdump | pwdump.luax | |
| Enhanced IRC | irc.flex | IRC_verbose_lua | irc_verbose.luax | |
| Enhanced Mail | mail-flex.flex | MAIL_lua | mail.luax | |
| Exploit Link Files | exploit_lnk_file.flex | fingerprint_lnk_lua | fingerprint_lnk_lua.luax | |
| Exploit Web Pages | exploit web pages.flex | HTML_threat | HTML_threat.luax | |
| Facebook | facebook.flex | none | | |
| File Fingerprints | file_fingerprints.flex | none | | This parser is deprecated and the individual "fingerprint_*" parsers should be used in its place. |
| Fingerprint Access DB | fingerprint_access_db.flex | fingerprint_access_db_lua | fingerprint_access_db.luax | |
| Fingerprint Apple Executable | fingerprint_apple_exec.flex | fingerprint_appleExec_lua | fingerprint_apple_exec.luax | |
| Fingerprint Apple iOS App | fingerprint_apple_ios_app.flex | fingerprint_apple_ios_lua | fingerprint_apple_ios_app.luax | |
| Fingerprint Apple iWork | fingerprint_apple_iwork.flex | fingerprint_apple_iwork_lua | fingerprint_apple_iwork.luax | |
| Fingerprint Base64 SWF | fingerprint_base64_swf.flex | fingerprint_flash | fingerprint_flash.luax | |
| Fingerprint Bittorrent | fingerprint_bittorrent.flex | bittorrent_lua | bittorrent.luax | |
| Fingerprint CAB files | fingerprint_cab_files.flex | fingerprint_cab | fingerprint_cab.luax | |
| Fingerprint CAD | fingerprint_cad.flex | fingerprint_cad_lua | fingerprint_cad.luax | |
| Fingerprint CHM | fingerprint_chm.flex | fingerprint_chm_lua | fingerprint_chm.luax | |
| Fingerprint CSS | fingerprint_css.flex | none | | |
| Fingerprint DMG | fingerprint_apple_dmg.flex | fingerprint_apple_dmg_lua | fingerprint_apple_dmg_lua.luax | |
| Fingerprint Encrypted SWF | fingerprint_enc_swf.flex | fingerprint_flash | fingerprint_flash.luax | |
| Fingerprint GIF | fingerprint_gif.flex | fingerprint_gif_lua | fingerprint_gif.luax | |
| Fingerprint HTML | fingerprint_html.flex | none | | |
| Fingerprint JAR | fingerprint_jar.flex | fingerprint_java | fingerprint_java.luax | |
| Fingerprint Java | fingerprint_java_class.flex | fingerprint_java | fingerprint_java.luax | |
| Fingerprint Javascript | fingerprint_javascript.flex | fingerprint_javascript_lua | fingerprint_javascript.luax | |
| Fingerprint JPG | fingerprint_jpg.flex | fingerprint_jpg_lua | fingerprint_jpg.luax | |
| Fingerprint LNK | fingerprint_lnk.flex | fingerprint_lnk_lua | fingerprint_lnk.luax | |
| Fingerprint MSSQL | fingerprint_mssql.flex | fingerprint_mssql_lua | fingerprint_mssql.luax | |
| Fingerprint Office 2007 | fingerprint_office_2007.flex | fingerprint_office_lua | fingerprint_office.luax | |
| Fingerprint Office95-2003 | fingerprint_office95-2003.flex | fingerprint_office_lua | fingerprint_office.luax | |
| Fingerprint PDF | fingerprint_pdf.flex | fingerprint_pdf_lua | fingerprint_pdf.luax | |
| Fingerprint PHP | fingerprint_php.flex | none | | |
| Fingerprint PKCS12 | fingerprint_pkcs12.flex | fingerprint_pkcs12_lua | fingerprint_pkcs12.luax | |
| Fingerprint PNG | fingerprint_png.flex | fingerprint_png_lua | fingerprint_png.luax | |
| Fingerprint Private Encryption Keys | fingerprint_private_encryption_keys.flex | Fingerprint_Private_Key | fingerprint_key.luax | |
| Fingerprint RAR | fingerprint_rar.flex | fingerprint_rar_lua | fingerprint_rar.luax | |
| Fingerprint RTF | fingerprint_rtf.flex | fingerprint_rtf_lua | fingerprint_rtf.luax | |
| Fingerprint SWF | fingerprint_swf.flex | fingerprint_flash | fingerprint_flash.luax | |
| Fingerprint Unix Script | fingerprint_unix_script.flex | fingerprint_unix_script_lua | fingerprint_unix_script.luax | |
| Fingerprint Windows MSI | fingerprint_windows_msi_installer.flex | fingerprint_msi_lua | fingerprint_msi.luax | |
| Fingerprint XML | fingerprint_xml.flex | none | | |
| Flame Malware Detection | flame.flex | none | | |
| Form Data | formdata.flex | Form_Data_lua | formdata.luax | |
| Gh0st Protocol Parser | ghost_protocol.flex | ghost | ghost.luax | |
| HTML Threat Analysis | HTML_Threat_Analysis.flex | HTML_threat | HTML_threat.luax | |
| Htran | htran.flex | htran_lua | htran.luax | |
| HTTP Connect | http_connect.flex | HTTP_lua | http.luax | |
| HTTP Enhanced | http-flex.flex | HTTP_lua | http.luax | |
| HTTP Error Codes | http_error_codes.flex | HTTP_lua | http.luax | |
| HTTP Header | http_header.flex | HTTP_lua | http.luax | |
| HTTP SQL Injection | http_sql_injection.flex | HTTP_SQL_Injection | http_sql_injection.luax | |
| ICAP HTTP | icap_http.flex | HTTP_lua | http.luax | |
| ICQ | aim-oscar.flex | AIM_lua | aim.luax | |
| IMAP | imap-flex.flex | IMAP_lua | imap.luax | |
| Internet Printing Protocol | ipp.flex | none | | |
| Java Script | javascript.flex | fingerprint_javascript_lua | fingerprint_javascript_lua.luax | |
| Javascript Suspicious | javascript_suspicious.flex | fingerprint_javascript_lua | fingerprint_javascript_lua.luax | |
| LinkedIn | linkedin.flex | none | | |
| LPD Protocol Parser | lpd_identify.flex | none | | |
| MAC to Vendor | mac_vendor.flex | ethernet_oui | ethernet_oui.luax | |
| Malicious CHM | malware_chm.flex | fingerprint_chm_lua | fingerprint_chm_lua.luax | |
| Malware PDF | malware_pdf.flex | fingerprint_pdf_lua | fingerprint_pdf_lua.luax | |
| Mined Alexa Parsers | nwsiteclassify.flex | none | | |
| MODBUS | modbus-w_port.flex | modbus | modbus.luax | |
| Network Filesystem-NFS | nfs-flex.flex | NFS_lua | nfs.luax | |
| NTLMSSP | ntlmssp.flex | NTLMSSP_lua | ntlmssp.luax | |
| NTP Parser | ntp_identify.flex | ntp_lua | ntp.luax | |
| OCSP Protocol | ocsp.flex | OCSP_lua | ocsp.luax | |
| OPRA Financial Protocol | opra.flex | none | | |
| OS Types | os_types.flex | HTTP_lua | http.luax | |
| Packers | packers.flex | Packers | packers.luax | |
| Phishing Detection | phishing.flex | phishing_lua | phishing.luax | |
| PKware | pkware.flex | fingerprint_zip | fingerprint_zip.luax | |
| QQ Chat Parser | qq.flex | QQ_lua | qq.luax | |
| Query String Parser | querystring-elements.flex | HTTP_lua | http.luax | |
| RIPng Protocol | ripng.flex | ripng_lua | ripng.luax | |
| RSS Parser | rss.flex | none | | |
| RTMP Protocol | rtmp.flex | rtmp_lua | rtmp.luax | |
| SCADA DNP3 | dnp3-w_port.flex | DNP3_lua | dnp3.luax | |
| Search Queries | search_query.flex | Search_Engines | search_engines.luax | |
| Servers | servers.flex | HTTP_lua | http.luax | |
| ShadyRat | shadyrat.flex | shadyrat_lua | shadyrat.luax | |
| SMB Protocol | smb.flex | SMB_lua | smb.luax | |
| SMB Protocol Identification | smb-id.flex | SMB_lua | smb.luax | |
| SOCKS | socks.flex | socks_lua | socks.luax | |
| Soulseek Protocol | soulseek.flex | SoulSeek_lua | soulseek.luax | |
| Spectrum 1.1 Parser | spectrum11.flex | spectrum_lua | spectrum.luax | |
| Spectrum Consume | spectrum_parser.flex | spectrum_lua | spectrum.luax | |
| Sun Remote Procedure Call- Sun RPC | sunrpc.flex | NFS_lua | NFS_lua.luax | |
| TCP Flags | tcp-flags.flex | session_analysis | session_analysis.luax | |
| TLD | tld.flex | TLD_lua | tld.luax | |
| TLS | tls.flex | TLS_lua | tls.luax | |
| TN3270 | tn3270E.flex | TN3270E_lua | tn3270e.luax | |
| Trigon Data Exfiltration | trigon_data_exfiltration.flex | none | | |
| Twitter | twitter.flex | none | | |
| UQDF Protocol | uqdf.flex | none | | |
| URL in Email | email_url_host.flex | phishing_lua | phishing_lua.luax | |
| User-Agent | user-agent.flex | HTTP_lua | HTTP_lua.luax | |
| UTDF Financial Protocol | utdf.flex | none | | |
| Visualize | visualize.flex | none | | |
| VNC | vnc-rfb.flex | VNC | vnc.luax | |
| Windows Command Shell | windows_command_shells.flex | windows_command_shell_lua | windows_command_shell.luax | |
| X11 Protocol | x11.flex | X11_lua | x11.luax | |
| X-Forwarded-For Parser | xfwdfor.flex | HTTP_lua | http.luax | |
| XMPP/JABBER Protocol | xmpp.flex | none | | |
| XOR Executable | xor_executable.flex | xor_executable_lua | xor_executable.luax | |
