Hi,
I have defined a Automatic Lookup to a CSV File with several values per line.
I would create automatic wildcard lookups against more than one field in the csv. Is this possible?
I have tried the following but not successful:
props.conf
[squid]
LOOKUP-MandiantAPT = MandiantAPT domain AS uri_host OUTPUTNEW
LOOKUP-MandiantAPT = MandiantAPT filename AS uri_path OUTPUTNEW
transforms.conf
[MandiantAPT]
filename = mandiant-apt.csv
case_sensitive_match=false
match_type = WILDCARD(domain)
match_type = WILDCARD(filename)
mandiant-apt.csv
domain,description,isbad,md5,filename,filesize,stringlist
"*advanbusiness.com*","Mandiant APT",true,"*001dd76872d80801692ff942308c64e6*","*121.exe*","*10233*","*!@#%$^#@!*"
"*aoldaily.com*","Mandiant APT",true,"*002325a0a67fded0381b5648d7fe9b8e*","*162.exe*","*10240*","*@***@*@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@*"
Has anyone an idea? Thank you in advance for your help.
Regards,
Patrik
... View more