Hi,
I am having the following event and I am trying to extract the URI and FileSHA256 fields, but not using the search tab (with the rex command). Would you please assist me on this matter? Thank you.
Jan 29 14:12:48 2020-01-29T12:13:38Z asa-internet-primary-sourcefire3d (null) %NGIPS-1-430005: DeviceUUID: , SrcIP: 10.239.54.213, DstIP: , SrcPort: 15808, DstPort: 80, Protocol: tcp, FileDirection: Download, FileAction: Malware Cloud Lookup, FileSHA256: ebf3e7290b8fd1e5509caa69335251f22b61baf3f9ff87b4e8544f3c1fea279d, SHA_Disposition: Clean, SperoDisposition: Spero detection not performed on file, ThreatName: Unknown, FileName: , FileType: MSCAB, FileSize: 7796, ApplicationProtocol: HTTP, Client: Microsoft CryptoAPI, WebApplication: Microsoft Update, User: No Authentication Required, FirstPacketSecond: 2020-01-29T12:13:38Z, FilePolicy: AMP-Policy, ArchiveFileName: , ArchiveFileStatus: Extracted, Context: admin, URI: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/
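One way to pull these fields out without a rex in every search is a search-time field extraction in props.conf (the same thing the UI creates under Settings > Fields > Field extractions). The stanza below is an added example, not from the original post or from Splunk's own documentation; the sourcetype name `cisco:sourcefire` is a placeholder and must be replaced with the sourcetype the NGIPS events actually carry.

```ini
# props.conf on the search head (or the equivalent UI field extraction).
# Stanza name is an assumption: use the real sourcetype of the %NGIPS events.
[cisco:sourcefire]

# The event body is a list of "Key: value" pairs separated by ", ".
# Anchoring each regex on its key name keeps it from matching the hash
# or URL if they also appear elsewhere in the event.

# FileSHA256 is exactly 64 hex characters. If the value is empty (as
# FileName and DstIP are in the sample), the regex simply does not match
# and no field is created, rather than capturing the next key by mistake.
EXTRACT-ngips_filesha256 = FileSHA256:\s*(?<FileSHA256>[0-9a-fA-F]{64})

# URI runs to the next ", " separator or to end of line; in the sample it
# is the last field. Stopping at a comma means a URL that itself contains
# a comma would be cut short, which is rare enough to accept here.
EXTRACT-ngips_uri = URI:\s*(?<URI>[^,\s]+)
```

After the change is loaded, confirm it with `sourcetype=cisco:sourcefire | table FileSHA256, URI` and check a handful of events where FileName or URI is empty, so a blank value never shifts the extraction onto a neighbouring key.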