pC_dtexsystemsinterceptstrfileprocesssuccessuserdept.md

Parser Content

{
Name = "dtexsystems-intercept-str-file-process-success-userdept"
Vendor = "Dtex Systems"
Product = "DTEX InTERCEPT"
TimeFormat = "yyyy-MM-dd'T'HH:mm:ss"
Conditions = [
  """User_Department"""
  """User_Location"""
]
Fields = [
  """(?:[^,]*,){8}({time}\d\d\d\d-\d\d-\d\dT\d\d:\d\d:\d\d)?"""
  """(?:([^",]*,)){10}({operation_details}".+?"|[^,]+),"""
  """(?:[^,]*,){6}({access}({operation}[^,]+))?"""
  """(?:[^,]*,){5}({activity_details}[^,]+)?"""
  """(?:([^",]*,)){10}(".+?"|[^,]*),(?:([^,]*,)){11}(({host_domain}[^\\]+)\\)?({src_host}({host}[\w\-\.]+))?"""
  """(?:([^",]*,)){10}(".+?"|[^,]*),(?:([^,]*,)){13}({os_version}[^,]+)"""
  """(?:([^",]*,)){10}(".+?"|[^,]*),(?:([^,]*,)){15}({os_architecture}[^,]+)"""
  """(?:([^",]*,)){10}(".+?"|[^,]*),(?:([^,]*,)){16}({os_edition}[^,]+)"""
  """(?:([^",]*,)){10}(".+?"|[^,]*),(?:([^,]*,)){17}({os_type}[^,]+)"""
  """(?:([^",]*,)){10}(".+?"|[^,]*),(?:([^,]*,)){2}({domain}[^\\]+)\\({user}[\w\.\-\!\#\^\~]{1,40}\$?)?"""
  """(?:([^",]*,)){10}(".+?"|[^,]*),(?:([^,]*,)){35}({bytes}\d+)?"""
  """(?:([^",]*,)){10}(".+?"|[^,]*),(?:([^,]*,)){19}({process_name}[^,]+)?"""
  """(?:([^",]*,)){10}(".+?"|[^,]*),(?:([^,]*,)){21}({process_dir}[^,]+)?"""
  """(?:([^",]*,)){10}(".+?"|[^,]*),(?:([^,]*,)){26}(".+?"|[^,]*),({url}[^,]+)?"""
  """(?:([^",]*,)){10}(".+?"|[^,]*),(?:([^,]*,)){26}(".+?"|[^,]*),(?:([^,]*,)){5}({src_file_dir}[^,]+)?"""
  """(?:([^",]*,)){10}(".+?"|[^,]*),(?:([^,]*,)){26}(".+?"|[^,]*),(?:([^,]*,)){6}({src_file_name}[^,]+)?"""
  """(?:([^",]*,)){10}(".+?"|[^,]*),(?:([^,]*,)){26}(".+?"|[^,]*),(?:([^,]*,)){7}({src_file_ext}[^,]+)?"""
  """(?:([^",]*,)){10}(".+?"|[^,]*),(?:([^,]*,)){26}(".+?"|[^,]*),(?:([^,]*,)){14}({file_dir}[^,]+)?"""
  """(?:([^",]*,)){10}(".+?"|[^,]*),(?:([^,]*,)){26}(".+?"|[^,]*),(?:([^,]*,)){15}({src_file_name}[^,]+)?"""
  """(?:([^",]*,)){10}(".+?"|[^,]*),(?:([^,]*,)){26}(".+?"|[^,]*),(?:([^,]*,)){16}({src_file_ext}[^,]+)?"""
]
ParserVersion = "v1.0.0"


}