From 220bc35b3e995a300ac94cb04b59335a28b9bba5 Mon Sep 17 00:00:00 2001
From: taylor_socfortress <111797488+taylorwalton@users.noreply.github.com>
Date: Thu, 23 Mar 2023 07:05:08 -0500
Subject: [PATCH] Create maltrail_decoders.xml
---
Maltrail/maltrail_decoders.xml | 24 ++++++++++++++++++++++++
1 file changed, 24 insertions(+)
create mode 100644 Maltrail/maltrail_decoders.xml
diff --git a/Maltrail/maltrail_decoders.xml b/Maltrail/maltrail_decoders.xml
new file mode 100644
index 0000000..12f7d0e
--- /dev/null
+++ b/Maltrail/maltrail_decoders.xml
@@ -0,0 +1,24 @@
+
+
+
+
+
+ ^CEF$
+
+
+
+ CEF
+ (\w+)\|(\w+)\|(\w+)\|(\.+)\|(\d+-\d+-\d+)\|(\.+)\|(\d+)\|src=(\d+.\d+.\d+.\d+) spt=(\.+) dst=(\d+.\d+.\d+.\d+) dpt=(\.+) trail=(\.+) ref=(\.+)
+ code, application, type, version, date, category, severity, srcip, srcport, dstip, dstport, trail, ref
+
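Review bot: The `src=` and `dst=` captures on the regex line (`(\d+.\d+.\d+.\d+)`) only accept dotted-quad IPv4 addresses, so any event the sensor reports with an IPv6 endpoint would fail the whole expression and reach the rules with no extracted fields. That gap is silent, because nothing downstream alerts on a CEF line that simply did not decode. Consider bounding the four address and port fields by whitespace instead, e.g. `src=(\S+) spt=(\S+) dst=(\S+) dpt=(\S+) trail=(\.+) ref=(\.+)`, which also stops the `\.+` port captures from running across neighbouring key=value pairs. Separately, the `^CEF$` and `CEF` match values look generic enough to claim CEF output from other products on the same manager; the element markup is not visible in this view, so confirm that the parent match is specific to Maltrail.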