David Yoslov

2014 Global Summit - Three SA Packet Custom Parsers

Discussion created by David Yoslov on Sep 19, 2014
Latest reply on Sep 19, 2014 by Matthew Gardiner

Attached are the three custom parsers mentioned in the 'Improving Visibility Into Cyber Threats Using Security Analytics' breakout session.


Keep in mind these parsers will likely take some modification based on your environment. Notepad++ can be good for doing such modifications. I recommend using the text reconstruction view to identify response codes. The HTTP Header parser is an intensive parser so if this is used make sure to test that it doesn't cause significant performance issues or dropped packets in your environment.