pC_ciscoiestremailspam.md

November 11, 2025 · View on GitHub

Parser Content

{
Name = cisco-ie-str-email-spam
    ParserVersion = v1.0.0
    Vendor = Cisco
    Product = Cisco Email Security
    TimeFormat = "yyyy-MM-dd HH:mm:ss"
    Conditions = [ """MID """, """CASE spam""" ]
    Fields = [
      """MID ({alert_id}\d+)""",
      """CASE spam ({spam_score}.+?)"(\s+\w+=|\s*$)"""
      """MID ({message_id}\d+)""",
    ]
  

}