pC_ciscoiestremailgraymail.md

Parser Content

{
Name = cisco-ie-str-email-graymail
    ParserVersion = v1.0.0
    Vendor = Cisco
    Product = Cisco Email Security
    TimeFormat = "yyyy-MM-dd HH:mm:ss"
    Conditions = [ """MID """ , """GRAYMAIL """ ]
    Fields = [
      """\srt=({time}\d+)""",
      """\d\d:\d\d:\d\d\s*({host}[\w\-\.]+)\s*""",
      """MID ({alert_id}\d+)""",
      """GRAYMAIL\s({graymail_score}[^\s"]+)"""
      """MID ({message_id}\d+)""",
    ]
  

}