msma/feed/Assets/Message_Analyzer/Message Analyzer Parsing Levels.asset

<?xml version="1.0" encoding="utf-8"?>
<AssetCollection xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <Metadata>
    <UniqueId>29F02128-C5CB-4D61-B9DF-91EAEFBA4937</UniqueId>
    <GroupId>29F02128-C5CB-4D61-B9DF-91EAEFBA4937</GroupId>
    <Name>Message Analyzer Parsing Levels</Name>
    <AssetType>ParsingLevelAsset</AssetType>
    <VersionNumber>1</VersionNumber>
    <Author>Message Analyzer</Author>
    <PublishedDate>2014-08-01T00:00:00</PublishedDate>
    <ModifiedDate>2014-08-01T00:00:00</ModifiedDate>
    <Revision>4</Revision>
	<Description>The official release of parsing levels from the Message Analyzer Team. Download and sync this set to get periodic updates.</Description>
    <Tags />
    <Rating>0</Rating>
  </Metadata>
  <Assets>
    <Asset>
      <Metadata>
        <UniqueId>FE44401A-6D5C-4F94-9E9F-6BEC59054B42</UniqueId>
        <Name>Full</Name>
        <Description></Description>
        <Category>Default</Category>
        <Properties />
      </Metadata>
      <Content xsi:type="ParsingLevelAsset">
        <List>
        </List>
      </Content>
      <Properties />
    </Asset>
    <Asset>
      <Metadata>
        <UniqueId>805106C0-A1A8-4268-A567-E9FFE8037F08</UniqueId>
		    <Name>Network Analysis</Name>
        <Description></Description>
        <Category>Default</Category>
        <Properties />
      </Metadata>
      <Content xsi:type="ParsingLevelAsset">
       <List>
		<ParsingLevel>
			<StopAtModule>TCP</StopAtModule>
			<ExcludeFilter>TCP.Port == 53 or TCP.Port==42</ExcludeFilter>
		</ParsingLevel>
		<ParsingLevel>
			<StopAtModule>UDP</StopAtModule>
			<ExcludeFilter>UDP.Port == 53 or UDP.Port==546 or UDP.Port==67 or UDP.Port==137 or UDP.Port==1512</ExcludeFilter>
		</ParsingLevel>
	   </List>
      </Content>
      <Properties />
    </Asset>
    <Asset>
      <Metadata>
        <UniqueId>1AAD2E3B-FA33-4FE1-BD2A-61F3CF23FD6E</UniqueId>
        <Name>File Sharing</Name>
        <Description></Description>
        <Category>Default</Category>
        <Properties />
      </Metadata>
      <Content xsi:type="ParsingLevelAsset">
        <List>
          <ParsingLevel>
            <StopAtModule>TCP</StopAtModule>
            <ExcludeFilter>TCP.Port == 445 or TCP.Port==135</ExcludeFilter>
          </ParsingLevel>
          <ParsingLevel>
            <StopAtModule>SMB</StopAtModule>
          </ParsingLevel>
          <ParsingLevel>
            <StopAtModule>SMB2</StopAtModule>
          </ParsingLevel>
          <ParsingLevel>
            <StopAtModule>UDP</StopAtModule>
            <ExcludeFilter>UDP.Port == 53 or UDP.Port==546 or UDP.Port==67 or UDP.Port==137 or UDP.Port==1512</ExcludeFilter>
          </ParsingLevel>
        </List>
      </Content>
      <Properties />
    </Asset>
    <Asset>
      <Metadata>
        <UniqueId>319852F0-7C77-4045-AD0B-3A800C08186E</UniqueId>
        <Name>High Performance Capture without Parsing</Name>
        <Description></Description>
        <Category>Default</Category>
        <Properties />
      </Metadata>
      <Content xsi:type="ParsingLevelAsset">
        <List>
          <ParsingLevel>
            <StopAtModule>Etw</StopAtModule>
          </ParsingLevel>
          <ParsingLevel>
            <StopAtModule>CapFile</StopAtModule>
          </ParsingLevel>
          <ParsingLevel>
            <StopAtModule>PcapFile</StopAtModule>
          </ParsingLevel>
        </List>
      </Content>
      <Properties />
    </Asset>
    <Asset>
      <Metadata>
        <UniqueId>229A1D7D-7E60-4F4F-B6E9-A9D0B32DCF80</UniqueId>
        <Name>HTTP</Name>
        <Description></Description>
        <Category>Default</Category>
        <Properties />
      </Metadata>
      <Content xsi:type="ParsingLevelAsset">
        <List>
          <ParsingLevel>
            <StopAtModule>IPv4</StopAtModule>
            <ExcludeFilter>IPv4.Protocol == 6</ExcludeFilter>
          </ParsingLevel>
          <ParsingLevel>
            <StopAtModule>IPv6</StopAtModule>
            <ExcludeFilter>IPv6.NextHeader ==6</ExcludeFilter>
          </ParsingLevel>
          <ParsingLevel>
            <StopAtModule>WFPCapture</StopAtModule>
            <ExcludeFilter>WFPCapture.Protocol ==6</ExcludeFilter>
          </ParsingLevel>
          <ParsingLevel>
            <StopAtModule>TCP</StopAtModule>
            <ExcludeFilter>TCP.Port == 80</ExcludeFilter>
          </ParsingLevel>
          <ParsingLevel>
            <StopAtModule>HTTP</StopAtModule>
          </ParsingLevel>
        </List>
      </Content>
      <Properties />
    </Asset>
    <Asset>
      <Metadata>
        <UniqueId>4DCB430D-35C1-4862-A423-ACBBDA3D7084</UniqueId>
        <Name>Identity and Active Directory</Name>
        <Description></Description>
        <Category>Default</Category>
        <Properties />
      </Metadata>
      <Content xsi:type="ParsingLevelAsset">
        <List>
          <ParsingLevel>
            <StopAtModule>IPv4</StopAtModule>
            <ExcludeFilter>IPv4.Protocol == 6</ExcludeFilter>
          </ParsingLevel>
          <ParsingLevel>
            <StopAtModule>IPv6</StopAtModule>
            <ExcludeFilter>IPv6.NextHeader ==6</ExcludeFilter>
          </ParsingLevel>
          <ParsingLevel>
            <StopAtModule>TCP</StopAtModule>
            <ExcludeFilter>TCP.Port==389 or TCP.Port==3268</ExcludeFilter>
          </ParsingLevel>
        </List>
      </Content>
      <Properties />
    </Asset>
  </Assets>
  <Properties />
</AssetCollection>