AnsweredAssumed Answered

HTTP_lua Parser: missing expected meta

Question asked by David Gassman on Dec 10, 2019
Latest reply on Dec 10, 2019 by David Gassman

Is anyone else having issues finding expected meta from the HTTP_lua parser?

 

Particularly I'm concerned that the latest version of the parser may not be parsing out these pieces of meta <below> but there may be others:

 

http post no get
http suspicious 4 headers
http suspicious no cookie

 

I have the latest HTTP_lua parser deployed from Live, dated 2019-11-11 7:09 PM

 

Example:

For 'http post no get' testing I used this query <below> to identify sessions that match the scenario:

 

service = 80 && action = 'post' && ~(action='get')

 

However, when I look through those returned sessions I do not see expected meta for analysis.service='http post no get'

 

Help?

 

Thanks in advance,

David

Outcomes