What are the criteria by which RSA Security Analytics Malware Analysis decides to use the spectrum.analyze and spectrum.analyze11 meta?
Tasks
What are the criteria by which Malware Analysis decides to use the spectrum.analyze and spectrum.analyze11 meta?
Resolution
spectrum.analyze - The Decoder creates this meta based on the file types seen in the session and the total file size. The file types are EXE, RAR, ZIP, base64-encoded ZIP, base64-encoded RAR and base64-encoded EXE. The maximum file size is 16 MB.
spectrum.analyze11 - The Decoder creates this meta based on the file type seen in the session and the total file size. The file types are Office 95-2003 Word document, Office 95-2003 Excel document, Office 95-2003 PowerPoint document, Office 95-2003 document, Office 2007 document, PDF and RTF. The maximum file size is 16 MB.
Notes
The following parsers are required to generate spectrum.analyze and spectrum.analyze11 meta:
spectrum_lua
or
Spectrum Consume and Spectrum 1.1 Parser
Deploying the above parser from Live will also deploy some additional resources that have dependencies on the spectrum parsers.
Product Details
RSA Product Set: Security Analytics
RSA Product/Service Type: Malware Analysis
Platform: CentOS
O/S Version: EL5 / EL6