Additional x509 banners #305

Closed
wants to merge 9 commits into from
4 changes: 2 additions & 2 deletions xml/favicons.xml
@@ -1430,7 +1430,7 @@
<param pos="0" name="hw.device" value="Firewall"/>
<param pos="0" name="hw.certainty" value="0.5"/>
<param pos="0" name="os.vendor" value="Palo Alto Networks"/>
<param pos="0" name="os.product" value="PANOS"/>
<param pos="0" name="os.product" value="PAN-OS"/>
<param pos="0" name="os.device" value="Firewall"/>
<param pos="0" name="os.certainty" value="0.5"/>
</fingerprint>
@@ -1723,4 +1723,4 @@
<param pos="0" name="hw.certainty" value="0.5"/>
</fingerprint>

</fingerprints>
</fingerprints>
36 changes: 32 additions & 4 deletions xml/x509_subjects.xml
@@ -168,6 +168,14 @@
<param pos="0" name="os.product" value="iDRAC Linux"/>
</fingerprint>

<fingerprint pattern="^CN=opensnort\.example\.com,O=Sourcefire,emailAddress=support@sourcefire\.com">
<description>Sourcefire Snort HTTPS console</description>
<example>CN=opensnort.example.com,O=Sourcefire,[email protected]</example>
<param pos="0" name="service.vendor" value="Snort"/>
<param pos="0" name="service.family" value="Snort"/>
<param pos="0" name="service.product" value="Snort"/>
</fingerprint>

<fingerprint pattern="^CN=iDRAC default certificate,OU=Server Firmware Group,O=Dell Inc\.,L=Round Rock,ST=Texas,C=US$">
<description>Dell iDRAC Remote Access Controller Default Certificate</description>
<example>CN=iDRAC default certificate,OU=Server Firmware Group,O=Dell Inc.,L=Round Rock,ST=Texas,C=US</example>
@@ -475,7 +483,7 @@
</fingerprint>

<fingerprint pattern="^CN=([a-zA-Z0-9\.\-\_]+),OU=VMware ESX Server Default Certificate,O=VMware\\, Inc,L=Palo Alto,ST=California,C=US$">
<description>VMware ESX</description>
<description>VMWare ESX</description>
Contributor

This PR will likely be closed, but note for self - this change is incorrect. VMware is correct.

<example>CN=server99.,OU=VMware ESX Server Default Certificate,O=VMware\, Inc,L=Palo Alto,ST=California,C=US</example>
<param pos="0" name="os.vendor" value="VMware"/>
<param pos="0" name="os.product" value="ESX"/>
@@ -484,6 +492,16 @@
<param pos="1" name="host.name"/>
</fingerprint>

<fingerprint pattern="^CN=([a-zA-Z0-9\.\-\_]+),OU=VMware ESX Server Certificate,O=VMware\\, Inc,L=Palo Alto,ST=California,C=US$">
<description>VMWare ESX</description>
<example>CN=server99.,OU=VMware ESX Server Certificate,O=VMware\, Inc,L=Palo Alto,ST=California,C=US</example>
<param pos="0" name="os.vendor" value="VMware"/>
<param pos="0" name="os.product" value="ESX"/>
<param pos="0" name="os.device" value="Hypervisor"/>
<param pos="0" name="os.cpe23" value="cpe:/o:vmware:esx:-"/>
<param pos="1" name="host.name"/>
</fingerprint>
Contributor

Already landed elsewhere


<fingerprint pattern="^CN.*,OU=SRM,O=VMware\\, Inc\.,L=Palo Alto,ST=California,C=US$">
<description>VMware SRM</description>
<example>CN=SRM01,OU=SRM,O=VMware\, Inc.,L=Palo Alto,ST=California,C=US</example>
@@ -1191,13 +1209,23 @@
<param pos="0" name="os.product" value="RecoverPoint"/>
</fingerprint>

<fingerprint pattern="^CN=[a-fA-F0-9]+,O=Palo Alto Networks,L=Santa Clara,ST=CA,C=US$">
<fingerprint pattern="^(?:EMAILADDRESS=[\w@.]+,)?CN=[a-fA-F0-9]+,O=Palo Alto Networks,L=Santa Clara,ST=CA,C=US$">
<description>Palo Alto Firewall</description>
<example>CN=d9fc2294968367a3a8ad1acd4c816c78444e6ea4d69869b40cc9751951fd3693,O=Palo Alto Networks,L=Santa Clara,ST=CA,C=US</example>
<param pos="0" name="hw.vendor" value="Palo Alto Networks"/>
<param pos="0" name="hw.device" value="Firewall"/>
<param pos="0" name="os.vendor" value="Palo Alto Networks"/>
<param pos="0" name="os.product" value="PANOS"/>
<param pos="0" name="os.product" value="PAN-OS"/>
<param pos="0" name="os.device" value="Firewall"/>
</fingerprint>

<fingerprint pattern="^CN=localhost,OU=Support,O=Palo Alto Networks">
<description>Palo Alto Networks</description>
<example>CN=localhost,OU=Support,O=Palo Alto Networks</example>
<param pos="0" name="hw.vendor" value="Palo Alto Networks"/>
<param pos="0" name="hw.device" value="Firewall"/>
<param pos="0" name="os.vendor" value="Palo Alto Networks"/>
<param pos="0" name="os.product" value="PAN-OS"/>
<param pos="0" name="os.device" value="Firewall"/>
</fingerprint>

@@ -1435,4 +1463,4 @@
<param pos="0" name="os.product" value="Linux"/>
</fingerprint>

</fingerprints>
</fingerprints>
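Review bot: In the `-1191,13 +1209,23` hunk, the widened Palo Alto pattern `^(?:EMAILADDRESS=[\w@.]+,)?CN=[a-fA-F0-9]+,…` has no `<example>` that exercises the new optional `EMAILADDRESS=` prefix; the single example shown still takes the old path, so nothing visible here covers the new branch. The class `[\w@.]+` also excludes `-` and `+`, so a subject whose address has a hyphenated domain would not match; `[^,]+` would be more tolerant if that is the intent. I would add a second example with a constructed address, e.g. `<example>EMAILADDRESS=admin@example.com,CN=<hex serial placeholder>,O=Palo Alto Networks,L=Santa Clara,ST=CA,C=US</example>`. Separately, the new `^CN=localhost,OU=Support,O=Palo Alto Networks` entry has no trailing `$` and asserts `hw.device`/`os.device` of `Firewall` from a generic subject that any certificate can carry, so it may be worth anchoring it and confirming that other Palo Alto products do not ship the same default subject.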