pC_cefcarbonblackendpointprocess.md


Parser Content

{
Name = cef-carbonblack-endpoint-process
  Vendor = VMware
  Product = Carbon Black EDR 
  Lms = Direct
  TimeFormat = "yyyy-MM-dd'T'HH:mm:ss.SSSZ"
  DataType = "process-created"
  Conditions = [ """event_type_cd""", """sensor_product_cd":"cb_response"""", """requestClientApplication=RedCanary""", """destinationServiceName =Custom Application""", """process_path""" ]
  Fields =[
    """({time}\d{1,100}-\d{1,100}-\d{1,100}T\d{1,100}:\d{1,100}:\d{1,100}.\d{1,100}Z)""",
    """"sensor_id"{1,20}:"{1,20}({sensor_id}[^"]{1,2000})""",
    """"{1,20}process_path"{1,20}:"{1,20}({process}({directory}[^"]{1,2000}(\\|\/)+)?({process_name}[^"]{1,2000}))""",
    """"host_name"{1,20}:"{1,20}({host}[^"]{1,2000})""",
    """"process_command_line"{1,20}:"{1,20}({command_line}[^"]{1,2000})"{0,20

}