'[Zeek] Re: [Bro] xml / json parsers'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       bro
Subject:    [Zeek] Re: [Bro] xml / json parsers
From:       Jean Luc Couillard <jeanluccouillard () medsec ! com>
Date:       2021-12-23 22:11:18
Message-ID: CAM5tHKd8wjuW06ygQDaCo93ebEc2DivXCQHfkzpZhfNwyaajcA () mail ! gmail ! com
[Download RAW message or body]

[Attachment #2 (multipart/alternative)]


Hello Zeek world
I'm still very new with the Zeek thing, I want to create a new analyser for
the Poct1a protocol, this protocol is base or looks like a XML format. I
got most of the analyzer structure in place in my plugin, but I hit the
wall with the PDU parsing.
Do you have some examples where I could learn how to parse a XML frame. I
have to get multiple fields and then populate in the Log file.

1 305 396 6900

JeanlucCouillard@medsec.com <YourEmail@medsec.com>

-- 
CONFIDENTIALITY NOTICE: This message (including any attachments) may 
contain proprietary, business-confidential, and/or privileged material 
intended   solely for the addressee(s). If you are not the intended 
recipient, you are hereby notified that any use, dissemination, 
distribution, or duplication of this communication is strictly prohibited. 
If you are not the intended recipient, please contact the sender by reply 
email and destroy all copies of the original message.

[Attachment #5 (text/html)]

<div dir="ltr"><div>Hello Zeek world  </div><div>I&#39;m still very new with the Zeek \
thing, I want to create a new analyser for the Poct1a protocol, this protocol is base \
or looks like a XML format. I got most of the analyzer structure in place in my \
plugin, but I hit the wall with the PDU parsing.  </div><div>Do you have some \
examples where I could learn how to parse a XML frame. I have to get multiple fields \
and then populate in the Log file.</div><div><br></div><div><span \
style="color:black;font-family:arial,sans-serif">1 305 396 6900</span></div><div \
dir="ltr" class="gmail_signature" data-smartmail="gmail_signature"><div \
dir="ltr"><pre cols="72" style="white-space:pre-wrap"><p class="MsoNormal" \
style="color:rgb(34,34,34);white-space:normal;background-image:initial;background-position:initial;background-repeat:initial"><font \
face="arial, sans-serif"><span style="color:rgb(5,99,193)">JeanlucCouillard<a \
href="mailto:YourEmail@medsec.com" style="color:rgb(17,85,204)" \
target="_blank">@medsec.com</a></span></font></p></pre></div></div></div>

<br>
<span style="white-space:pre-wrap"><font size="2">CONFIDENTIALITY NOTICE: This \
message (including any attachments) may contain proprietary, business-confidential, \
and/or privileged material intended   solely for the addressee(s). If you are not the \
intended recipient, you are hereby notified that any use, dissemination, \
distribution, or duplication of this communication is strictly prohibited. If you are \
not the intended recipient, please contact the sender by reply email and destroy all \
copies of the original message.</font></span><br>



--
zeek mailing list -- zeek@lists.zeek.org
To unsubscribe send an email to zeek-leave@lists.zeek.org

[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic