[Snort-openappid] WD SmartWare Detector

Costas Kleopa (ckleopa) ckleopa at ...5...
Mon Jun 22 14:07:32 EDT 2015

Thank you again for your contribution.

We will add this to our open source detectors also. If you can send me a pcap separately it would be great.

On Jun 21, 2015, at 3:43 PM, Y M <snort at ...46...<mailto:snort at ...46...>> wrote:


Simple detector below for the Western Digital SmartWare application attempting to check for updates. Pcap is available if needed.

detection_name: wd_smartware_update
version: 1
description: Western Digital SmartWare software update
metadat: OpenAppID community

require "DetectorCommon"
local DC = DetectorCommon

local proto = DC.ipproto.tcp;
DetectorPackageInfo = {
        name = "wd_sw_update",
        proto = proto,
        server = {
                init = 'DetectorInit',
                clean = 'DetectorClean',
                minimum_matches = 1

function DetectorInit(detectorInstance)

        gDetector = detectorInstance;
        gAppId = gDetector:open_createApp("wd_sw_update");

        if gDetector.addAppUrl then
                gDetector:addAppUrl(0, 0, 0, gAppId, 0, "download.wdc.com<http://download.wdc.com/>", "/wdapp/", "http:", "", gAppId);

        return gDetector;

function DetectorClean()

Snort-openappid mailing list
Snort-openappid at lists.sourceforge.net<mailto:Snort-openappid at ...12...rge.net>

Please visit http://blog.snort.org<http://blog.snort.org/> to stay current on all the latest Snort news!

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-openappid/attachments/20150622/641daaaa/attachment.html>

More information about the Snort-openappid mailing list