recog-intrigue 2.3.7 → 2.3.14

Sign up to get free protection for your applications and to get access to all the features.
Files changed (70) hide show
  1. checksums.yaml +4 -4
  2. data/.github/SECURITY.md +35 -0
  3. data/.gitignore +9 -0
  4. data/CONTRIBUTING.md +136 -37
  5. data/README.md +18 -16
  6. data/bin/recog_cleanup +16 -0
  7. data/bin/recog_standardize +30 -6
  8. data/cpe-remap.yaml +38 -1
  9. data/identifiers/README.md +9 -0
  10. data/identifiers/hw_device.txt +77 -0
  11. data/identifiers/hw_family.txt +96 -0
  12. data/identifiers/hw_product.txt +328 -0
  13. data/identifiers/os_architecture.txt +6 -6
  14. data/identifiers/os_device.txt +45 -3
  15. data/identifiers/os_family.txt +206 -41
  16. data/identifiers/os_product.txt +238 -17
  17. data/identifiers/service_family.txt +144 -57
  18. data/identifiers/service_product.txt +385 -83
  19. data/identifiers/vendor.txt +554 -68
  20. data/lib/recog/version.rb +1 -1
  21. data/requirements.txt +1 -1
  22. data/update_cpes.py +4 -1
  23. data/xml/apache_modules.xml +292 -5
  24. data/xml/apache_os.xml +41 -2
  25. data/xml/architecture.xml +11 -3
  26. data/xml/dns_versionbind.xml +200 -26
  27. data/xml/favicons.xml +1701 -0
  28. data/xml/ftp_banners.xml +256 -23
  29. data/xml/h323_callresp.xml +112 -12
  30. data/xml/hp_pjl_id.xml +47 -5
  31. data/xml/html_title.xml +1156 -70
  32. data/xml/http_cookies.xml +69 -11
  33. data/xml/http_servers.xml +1094 -107
  34. data/xml/http_wwwauth.xml +143 -27
  35. data/xml/imap_banners.xml +62 -13
  36. data/xml/ldap_searchresult.xml +81 -9
  37. data/xml/mdns_device-info_txt.xml +194 -17
  38. data/xml/mdns_workstation_txt.xml +4 -2
  39. data/xml/mysql_banners.xml +233 -40
  40. data/xml/mysql_error.xml +113 -6
  41. data/xml/nntp_banners.xml +10 -2
  42. data/xml/ntp_banners.xml +93 -9
  43. data/xml/operating_system.xml +90 -3
  44. data/xml/pop_banners.xml +87 -33
  45. data/xml/rsh_resp.xml +11 -2
  46. data/xml/rtsp_servers.xml +43 -23
  47. data/xml/sip_banners.xml +6 -11
  48. data/xml/sip_user_agents.xml +29 -2
  49. data/xml/smb_native_lm.xml +10 -2
  50. data/xml/smb_native_os.xml +80 -2
  51. data/xml/smtp_banners.xml +233 -13
  52. data/xml/smtp_debug.xml +6 -4
  53. data/xml/smtp_ehlo.xml +7 -5
  54. data/xml/smtp_expn.xml +13 -4
  55. data/xml/smtp_help.xml +23 -4
  56. data/xml/smtp_mailfrom.xml +5 -2
  57. data/xml/smtp_noop.xml +6 -5
  58. data/xml/smtp_quit.xml +5 -4
  59. data/xml/smtp_rcptto.xml +5 -2
  60. data/xml/smtp_rset.xml +4 -4
  61. data/xml/smtp_turn.xml +4 -4
  62. data/xml/smtp_vrfy.xml +14 -4
  63. data/xml/snmp_sysdescr.xml +741 -32
  64. data/xml/snmp_sysobjid.xml +47 -2
  65. data/xml/ssh_banners.xml +255 -81
  66. data/xml/telnet_banners.xml +503 -30
  67. data/xml/x11_banners.xml +26 -3
  68. data/xml/x509_issuers.xml +37 -13
  69. data/xml/x509_subjects.xml +214 -52
  70. metadata +12 -5
data/xml/x11_banners.xml CHANGED
@@ -1,4 +1,4 @@
1
- <?xml version="1.0" encoding="UTF-8"?>
1
+ <?xml version='1.0' encoding='UTF-8'?>
2
2
  <fingerprints matches="x11.vendor" protocol="x11">
3
3
  <!--
4
4
  During X11 connection setup as specified in the X11 protocol
@@ -7,12 +7,14 @@
7
7
  This success response contains a vendor field which can be used to
8
8
  fingerprint systems with the following fingerprints.
9
9
  -->
10
+
10
11
  <fingerprint pattern="^AT&amp;T Laboratories Cambridge$">
11
12
  <description>AT&amp;T Laboratories Cambridge</description>
12
13
  <example>AT&amp;T Laboratories Cambridge</example>
13
14
  <param pos="0" name="service.vendor" value="AT&amp;T Laboratories Cambridge"/>
14
15
  <param pos="0" name="service.product" value="Xvnc"/>
15
16
  </fingerprint>
17
+
16
18
  <fingerprint pattern="^CentOS$">
17
19
  <description>CentOS</description>
18
20
  <example>CentOS</example>
@@ -24,6 +26,7 @@
24
26
  <param pos="0" name="os.family" value="Linux"/>
25
27
  <param pos="0" name="os.cpe23" value="cpe:/o:centos:centos:-"/>
26
28
  </fingerprint>
29
+
27
30
  <fingerprint pattern="^Colin Harrison$">
28
31
  <description>Colin Harrison</description>
29
32
  <example>Colin Harrison</example>
@@ -34,6 +37,7 @@
34
37
  <param pos="0" name="os.family" value="Windows"/>
35
38
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
36
39
  </fingerprint>
40
+
37
41
  <fingerprint pattern="^DECWINDOWS DigitalEquipmentCorporation, eXcursion$">
38
42
  <description>DECWINDOWS DigitalEquipmentCorporation, eXcursion</description>
39
43
  <example>DECWINDOWS DigitalEquipmentCorporation, eXcursion</example>
@@ -44,6 +48,7 @@
44
48
  <param pos="0" name="os.family" value="Windows"/>
45
49
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
46
50
  </fingerprint>
51
+
47
52
  <fingerprint pattern="^DECWINDOWS Hewlett-Packard Development Company OpenVMS$">
48
53
  <description>DECWINDOWS Hewlett-Packard Development Company OpenVMS</description>
49
54
  <example>DECWINDOWS Hewlett-Packard Development Company OpenVMS</example>
@@ -53,6 +58,7 @@
53
58
  <param pos="0" name="os.product" value="OpenVMS"/>
54
59
  <param pos="0" name="os.family" value="OpenVMS"/>
55
60
  </fingerprint>
61
+
56
62
  <fingerprint pattern="^Fedora Project$">
57
63
  <description>Fedora Project</description>
58
64
  <example>Fedora Project</example>
@@ -64,6 +70,7 @@
64
70
  <param pos="0" name="os.family" value="Linux"/>
65
71
  <param pos="0" name="os.cpe23" value="cpe:/o:redhat:fedora_core:-"/>
66
72
  </fingerprint>
73
+
67
74
  <fingerprint pattern="^freedesktop\.org$">
68
75
  <description>freedesktop.org</description>
69
76
  <example>freedesktop.org</example>
@@ -75,6 +82,7 @@
75
82
  <param pos="0" name="os.family" value="Linux"/>
76
83
  <param pos="0" name="os.cpe23" value="cpe:/o:linux:linux_kernel:-"/>
77
84
  </fingerprint>
85
+
78
86
  <fingerprint pattern="^HC-Consult$">
79
87
  <description>HC-Consult</description>
80
88
  <example>HC-Consult</example>
@@ -85,6 +93,7 @@
85
93
  <param pos="0" name="os.family" value="Windows"/>
86
94
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
87
95
  </fingerprint>
96
+
88
97
  <fingerprint pattern="^Hummingbird Communications Ltd\.$|^Hummingbird Ltd\.$">
89
98
  <description>Hummingbird Communications Ltd.</description>
90
99
  <example>Hummingbird Communications Ltd.</example>
@@ -96,16 +105,18 @@
96
105
  <param pos="0" name="os.family" value="Windows"/>
97
106
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
98
107
  </fingerprint>
108
+
99
109
  <fingerprint pattern="^Labtam Inc$">
100
110
  <description>Labtam Inc</description>
101
111
  <example>Labtam Inc</example>
102
112
  <param pos="0" name="os.vendor" value="Microsoft"/>
103
- <param pos="0" name="service.vendor" value="Labtam Inc."/>
113
+ <param pos="0" name="service.vendor" value="Labtam"/>
104
114
  <param pos="0" name="service.product" value="XSecurePro"/>
105
115
  <param pos="0" name="os.product" value="Windows"/>
106
116
  <param pos="0" name="os.family" value="Windows"/>
107
117
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
108
118
  </fingerprint>
119
+
109
120
  <fingerprint pattern="^Moba\/X$">
110
121
  <description>Moba/X</description>
111
122
  <example>Moba/X</example>
@@ -117,6 +128,7 @@
117
128
  <param pos="0" name="os.family" value="Windows"/>
118
129
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
119
130
  </fingerprint>
131
+
120
132
  <fingerprint pattern="^MobaXterm$">
121
133
  <description>MobaXterm</description>
122
134
  <example>MobaXterm</example>
@@ -128,6 +140,7 @@
128
140
  <param pos="0" name="os.family" value="Windows"/>
129
141
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
130
142
  </fingerprint>
143
+
131
144
  <fingerprint pattern="^NetSarang Computer, Inc\.$">
132
145
  <description>NetSarang Computer, Inc.</description>
133
146
  <example>NetSarang Computer, Inc.</example>
@@ -138,6 +151,7 @@
138
151
  <param pos="0" name="os.family" value="Windows"/>
139
152
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
140
153
  </fingerprint>
154
+
141
155
  <fingerprint pattern="^Open Text$">
142
156
  <description>Open Text</description>
143
157
  <example>Open Text</example>
@@ -148,6 +162,7 @@
148
162
  <param pos="0" name="os.family" value="Windows"/>
149
163
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
150
164
  </fingerprint>
165
+
151
166
  <fingerprint pattern="^Red Hat, Inc\.$">
152
167
  <description>Red Hat, Inc.</description>
153
168
  <example>Red Hat, Inc.</example>
@@ -159,6 +174,7 @@
159
174
  <param pos="0" name="os.family" value="Linux"/>
160
175
  <param pos="0" name="os.cpe23" value="cpe:/o:redhat:linux:-"/>
161
176
  </fingerprint>
177
+
162
178
  <fingerprint pattern="^Santa Cruz Operation Inc\.$">
163
179
  <description>Santa Cruz Operation Inc.</description>
164
180
  <example>Santa Cruz Operation Inc.</example>
@@ -168,6 +184,7 @@
168
184
  <param pos="0" name="os.product" value="SCO UNIX"/>
169
185
  <param pos="0" name="os.family" value="SCO UNIX"/>
170
186
  </fingerprint>
187
+
171
188
  <fingerprint pattern="^StarNet Communications Corp\.$">
172
189
  <description>StarNet Communications Corp.</description>
173
190
  <example>StarNet Communications Corp.</example>
@@ -178,6 +195,7 @@
178
195
  <param pos="0" name="os.family" value="Windows"/>
179
196
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
180
197
  </fingerprint>
198
+
181
199
  <fingerprint pattern="^Sun Microsystems, Inc\.$">
182
200
  <description>Sun Microsystems, Inc.</description>
183
201
  <example>Sun Microsystems, Inc.</example>
@@ -188,6 +206,7 @@
188
206
  <param pos="0" name="os.family" value="Solaris"/>
189
207
  <param pos="0" name="os.cpe23" value="cpe:/o:sun:solaris:-"/>
190
208
  </fingerprint>
209
+
191
210
  <fingerprint pattern="^The Cygwin\/X Project$">
192
211
  <description>The Cygwin/X Project</description>
193
212
  <example>The Cygwin/X Project</example>
@@ -199,6 +218,7 @@
199
218
  <param pos="0" name="os.family" value="Windows"/>
200
219
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
201
220
  </fingerprint>
221
+
202
222
  <fingerprint pattern="^The X\.Org Foundation$">
203
223
  <description>The X.Org Foundation</description>
204
224
  <example>The X.Org Foundation</example>
@@ -209,6 +229,7 @@
209
229
  <param pos="0" name="os.product" value="UNIX"/>
210
230
  <param pos="0" name="os.family" value="UNIX"/>
211
231
  </fingerprint>
232
+
212
233
  <fingerprint pattern="^The XFree86 Project, Inc$">
213
234
  <description>The XFree86 Project, Inc</description>
214
235
  <example>The XFree86 Project, Inc</example>
@@ -219,6 +240,7 @@
219
240
  <param pos="0" name="os.product" value="UNIX"/>
220
241
  <param pos="0" name="os.family" value="UNIX"/>
221
242
  </fingerprint>
243
+
222
244
  <fingerprint pattern="^WRQ, Inc\.$">
223
245
  <description>WRQ, Inc.</description>
224
246
  <example>WRQ, Inc.</example>
@@ -229,4 +251,5 @@
229
251
  <param pos="0" name="os.family" value="Windows"/>
230
252
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
231
253
  </fingerprint>
232
- </fingerprints>
254
+
255
+ </fingerprints>
data/xml/x509_issuers.xml CHANGED
@@ -1,15 +1,26 @@
1
- <?xml version="1.0" encoding="UTF-8"?>
1
+ <?xml version='1.0' encoding='UTF-8'?>
2
2
  <fingerprints matches="x509.issuer" protocol="x509">
3
3
  <!--
4
4
  This fingerprint set matches the Issuer field of x509 certificates. These x509
5
5
  certificates may be sourced from any SSL or TLS service. If a particular system
6
6
  has identical subject and issuer fields, the subject field should be preferred.
7
-
8
7
  The format of the Issuer field is built from the x509 distinguished names using
9
8
  a specific order. Please see the comments in x509_subjects.xml for details.
10
-
11
9
  -->
10
+
12
11
  <!-- Chromecast and various devices that support the Cast protocol -->
12
+
13
+ <fingerprint pattern="^CN=Eureka Gen1 ICA,OU=Google TV,O=Google Inc,L=Mountain View,ST=California,C=US$">
14
+ <description>Google Chromecast Gen 1</description>
15
+ <example>CN=Eureka Gen1 ICA,OU=Google TV,O=Google Inc,L=Mountain View,ST=California,C=US</example>
16
+ <param pos="0" name="os.vendor" value="Google"/>
17
+ <param pos="0" name="os.product" value="ChromeOS"/>
18
+ <param pos="0" name="hw.device" value="Media Server"/>
19
+ <param pos="0" name="hw.vendor" value="Google"/>
20
+ <param pos="0" name="hw.product" value="Chromecast"/>
21
+ <param pos="0" name="chromecast.generation" value="1"/>
22
+ </fingerprint>
23
+
13
24
  <fingerprint pattern="^CN=Chromecast ICA (\d+)\s*\(?([^,\)]*)\)?,OU=Cast,O=Google Inc,L=Mountain View,ST=California,C=US$">
14
25
  <description>Google Chromecast</description>
15
26
  <example chromecast.generation="3">CN=Chromecast ICA 3,OU=Cast,O=Google Inc,L=Mountain View,ST=California,C=US</example>
@@ -28,60 +39,67 @@
28
39
  <param pos="1" name="chromecast.generation"/>
29
40
  <param pos="2" name="chromecast.capabilities"/>
30
41
  </fingerprint>
42
+
31
43
  <fingerprint pattern="^CN=Asus fugu Cast ICA,OU=Widevine,O=Google Inc,L=Kirkland,ST=Washington,C=US$">
32
44
  <description>ASUS Nexus Player (Android) with Google Cast</description>
33
45
  <example>CN=Asus fugu Cast ICA,OU=Widevine,O=Google Inc,L=Kirkland,ST=Washington,C=US</example>
34
46
  <param pos="0" name="os.vendor" value="Google"/>
35
- <param pos="0" name="os.cpe23" value="cpe:/o:google:android:-"/>
36
47
  <param pos="0" name="os.family" value="Linux"/>
37
48
  <param pos="0" name="os.product" value="Android"/>
49
+ <param pos="0" name="os.cpe23" value="cpe:/o:google:android:-"/>
38
50
  <param pos="0" name="hw.device" value="Media Server"/>
39
51
  <param pos="0" name="hw.vendor" value="ASUS"/>
40
52
  <param pos="0" name="hw.product" value="Nexus Player"/>
41
53
  </fingerprint>
54
+
42
55
  <fingerprint pattern="^CN=Sony amai Cast ICA,OU=Widevine,O=Google Inc,L=Kirkland,ST=Washington,C=US$">
43
56
  <description>Sony SmartTV (Android) with Google Cast</description>
44
57
  <example>CN=Sony amai Cast ICA,OU=Widevine,O=Google Inc,L=Kirkland,ST=Washington,C=US</example>
45
58
  <param pos="0" name="os.vendor" value="Google"/>
46
- <param pos="0" name="os.cpe23" value="cpe:/o:google:android:-"/>
47
59
  <param pos="0" name="os.family" value="Linux"/>
48
60
  <param pos="0" name="os.product" value="Android"/>
61
+ <param pos="0" name="os.cpe23" value="cpe:/o:google:android:-"/>
49
62
  <param pos="0" name="hw.device" value="Smart TV"/>
50
63
  <param pos="0" name="hw.vendor" value="Sony"/>
51
64
  </fingerprint>
65
+
52
66
  <fingerprint pattern="^CN=Cast TV ICA \(Vizio\),OU=Cast,O=Google Inc,L=Mountain View,ST=California,C=US$">
53
67
  <description>Vizio SmartTV (Android) with Google Cast</description>
54
68
  <example>CN=Cast TV ICA (Vizio),OU=Cast,O=Google Inc,L=Mountain View,ST=California,C=US</example>
55
69
  <param pos="0" name="os.vendor" value="Google"/>
56
- <param pos="0" name="os.cpe23" value="cpe:/o:google:android:-"/>
57
70
  <param pos="0" name="os.family" value="Linux"/>
58
71
  <param pos="0" name="os.product" value="Android"/>
72
+ <param pos="0" name="os.cpe23" value="cpe:/o:google:android:-"/>
59
73
  <param pos="0" name="hw.device" value="Smart TV"/>
60
74
  <param pos="0" name="hw.vendor" value="Vizio"/>
61
75
  </fingerprint>
76
+
62
77
  <fingerprint pattern="^CN=NVidia Shield Cast ICA,OU=Widevine,O=Google Inc,L=Kirkland,ST=Washington,C=US$">
63
78
  <description>NVIDIA SHIELD (Android) with Google Cast</description>
64
79
  <example>CN=NVidia Shield Cast ICA,OU=Widevine,O=Google Inc,L=Kirkland,ST=Washington,C=US</example>
65
80
  <param pos="0" name="os.vendor" value="Google"/>
66
- <param pos="0" name="os.cpe23" value="cpe:/o:google:android:-"/>
67
81
  <param pos="0" name="os.family" value="Linux"/>
68
82
  <param pos="0" name="os.product" value="Android"/>
83
+ <param pos="0" name="os.cpe23" value="cpe:/o:google:android:-"/>
69
84
  <param pos="0" name="hw.device" value="Tablet"/>
70
85
  <param pos="0" name="hw.vendor" value="NVIDIA"/>
71
86
  <param pos="0" name="hw.product" value="SHIELD"/>
72
87
  </fingerprint>
88
+
73
89
  <fingerprint pattern="^CN=NVidia Darcy NVidia Tegra K1-Denver Cast ICA,OU=Widevine,O=Google Inc,L=Kirkland,ST=Washington,C=US$">
74
90
  <description>NVIDIA SHIELD (Android) with Google Cast (Darcy)</description>
75
91
  <example>CN=NVidia Darcy NVidia Tegra K1-Denver Cast ICA,OU=Widevine,O=Google Inc,L=Kirkland,ST=Washington,C=US</example>
76
92
  <param pos="0" name="os.vendor" value="Google"/>
77
- <param pos="0" name="os.cpe23" value="cpe:/o:google:android:-"/>
78
93
  <param pos="0" name="os.family" value="Linux"/>
79
94
  <param pos="0" name="os.product" value="Android"/>
95
+ <param pos="0" name="os.cpe23" value="cpe:/o:google:android:-"/>
80
96
  <param pos="0" name="hw.device" value="Tablet"/>
81
97
  <param pos="0" name="hw.vendor" value="NVIDIA"/>
82
98
  <param pos="0" name="hw.product" value="SHIELD"/>
83
99
  </fingerprint>
100
+
84
101
  <!-- End of Chromecast -->
102
+
85
103
  <fingerprint pattern="^CN=Yealink Equipment Issuing CA,OU=yealink\.com,O=Yealink Network Technology Co\.\\,Ltd.,L=Xiamen,ST=Fujian,C=CN$">
86
104
  <description>Yealink VoIP Phone</description>
87
105
  <example>CN=Yealink Equipment Issuing CA,OU=yealink.com,O=Yealink Network Technology Co.\,Ltd.,L=Xiamen,ST=Fujian,C=CN</example>
@@ -91,12 +109,14 @@
91
109
  <param pos="0" name="hw.device" value="VoIP"/>
92
110
  <param pos="0" name="hw.vendor" value="Yealink"/>
93
111
  </fingerprint>
112
+
94
113
  <fingerprint pattern="^CN=[a-zA-Z0-9]+,OU=Internally Generated Certificate,O=American Power Conversion Corp,L=Default Locality,ST=Default State,C=US$">
95
114
  <description>APC UPS</description>
96
115
  <example>CN=ZA1117619249,OU=Internally Generated Certificate,O=American Power Conversion Corp,L=Default Locality,ST=Default State,C=US</example>
97
116
  <param pos="0" name="hw.device" value="Power device"/>
98
117
  <param pos="0" name="hw.vendor" value="APC"/>
99
118
  </fingerprint>
119
+
100
120
  <fingerprint pattern="^CN=Temporary CA [a-fA-F0-9]{8}\-[a-fA-F0-9]{4}\-[a-fA-F0-9]{4}\-[a-fA-F0-9]{4}\-[a-fA-F0-9]{12},OU=Temporary CA">
101
121
  <description>Cisco Video Communication Server</description>
102
122
  <example>CN=Temporary CA 218131fe-8af4-11e7-aa6e-9950d6bbaf74,OU=Temporary CA 218131fe-8af4-11e7-aa6e-9950d6bbaf74,O=Temporary CA 218131fe-8af4-11e7-aa6e-9950d6bbaf74</example>
@@ -104,31 +124,35 @@
104
124
  <param pos="0" name="hw.vendor" value="Cisco"/>
105
125
  <param pos="0" name="hw.product" value="TelePresence"/>
106
126
  </fingerprint>
127
+
107
128
  <fingerprint pattern="^O=VMware Installer$">
108
129
  <description>VMWare ESXi w/Installer</description>
109
130
  <example>O=VMware Installer</example>
110
- <param pos="0" name="os.vendor" value="VMWare"/>
111
- <param pos="0" name="os.cpe23" value="cpe:/o:vmware:esxi:-"/>
131
+ <param pos="0" name="os.vendor" value="VMware"/>
112
132
  <param pos="0" name="os.product" value="ESXi"/>
113
133
  <param pos="0" name="os.device" value="Hypervisor"/>
134
+ <param pos="0" name="os.cpe23" value="cpe:/o:vmware:esxi:-"/>
114
135
  </fingerprint>
136
+
115
137
  <fingerprint pattern="^CN=CA,OU=VMware Engineering,O=vCenter,ST=California,C=US$">
116
138
  <description>VMWare vCenter</description>
117
139
  <example>CN=CA,OU=VMware Engineering,O=vCenter,ST=California,C=US</example>
118
- <param pos="0" name="service.vendor" value="VMWare"/>
140
+ <param pos="0" name="service.vendor" value="VMware"/>
119
141
  <param pos="0" name="service.product" value="vCenter"/>
120
142
  </fingerprint>
143
+
121
144
  <fingerprint pattern="^CN=Default Issuer \(Do not trust\),OU=ISS,O=Hewlett Packard Enterprise,L=Houston,ST=Texas,C=US$">
122
145
  <description>HP iLO</description>
123
146
  <example>CN=Default Issuer (Do not trust),OU=ISS,O=Hewlett Packard Enterprise,L=Houston,ST=Texas,C=US</example>
124
147
  <param pos="0" name="hw.device" value="Lights Out Management"/>
125
148
  <param pos="0" name="hw.vendor" value="HP"/>
126
149
  <param pos="0" name="hw.family" value="iLO"/>
127
- <param pos="0" name="hw.cpe23" value="cpe:/h:hp:integrated_lights_out:-"/>
128
150
  <param pos="0" name="hw.product" value="iLO"/>
151
+ <param pos="0" name="hw.cpe23" value="cpe:/h:hp:integrated_lights_out:-"/>
129
152
  <param pos="0" name="os.device" value="Lights Out Management"/>
130
153
  <param pos="0" name="os.vendor" value="HP"/>
131
154
  <param pos="0" name="os.family" value="iLO"/>
132
155
  <param pos="0" name="os.product" value="iLO"/>
133
156
  </fingerprint>
134
- </fingerprints>
157
+
158
+ </fingerprints>
data/xml/x509_subjects.xml CHANGED
@@ -1,16 +1,13 @@
1
- <?xml version="1.0" encoding="UTF-8"?>
1
+ <?xml version='1.0' encoding='UTF-8'?>
2
2
  <fingerprints matches="x509.subject" protocol="x509">
3
3
  <!--
4
4
  This fingerprint set matches the Subject field of x509 certificates. These x509
5
5
  certificates may be sourced from any SSL or TLS service. If a particular system
6
6
  has identical subject and issuer fields, the subject field should be preferred.
7
-
8
7
  The format of the Subject field is built from the x509 distinguished names using
9
8
  a specific order. This order matches the Go implementation at the URL:
10
9
  https://golang.org/src/crypto/x509/pkix/pkix.go#203
11
-
12
10
  The ToRDNSequence() function builds the string in reverse order:
13
-
14
11
  func (n Name) ToRDNSequence() (ret RDNSequence) {
15
12
  ret = n.appendRDNs(ret, n.Country, oidCountry)
16
13
  ret = n.appendRDNs(ret, n.Province, oidProvince)
@@ -28,13 +25,10 @@
28
25
  for _, atv := range n.ExtraNames {
29
26
  ret = append(ret, []AttributeTypeAndValue{atv})
30
27
  }
31
-
32
28
  return ret
33
29
  }
34
-
35
30
  All names are separated by commas and any commas inside a name are escaped with a
36
31
  single backslash character. See RFC 2253 for additional details on formatting.
37
-
38
32
  Practically, most Subjects start with the Common Name (CN=) and then step through
39
33
  Organization Unit (OU), Organization (O), and then some level of location, but
40
34
  typically Locality (L) and Country (C). Names are guaranteed to be listed in
@@ -42,10 +36,9 @@
42
36
  Subjects may start with a Serial Number (SERIALNUMBER=) or even Extra Names, but
43
37
  these are somewhat rare. Keep this name order in mind when working on these
44
38
  fingerprints.
45
-
46
39
  The same constraints also apply to the x509 Issuers (x509_issuers.xml).
47
-
48
40
  -->
41
+
49
42
  <fingerprint pattern="^CN=([0-9a-fA-F]{2}:[0-9a-fA-F]{2}:[0-9a-fA-F]{2}:[0-9a-fA-F]{2}:[0-9a-fA-F]{2}:[0-9a-fA-F]{2}),OU=([^,]+),O=Araknis Networks \(TM\),L=Charlotte,C=US$">
50
43
  <description>Araknis Networks Router</description>
51
44
  <example host.mac="d4:6a:91:7a:a3:c4" hw.product="AN-300-RT-4L2W">CN=d4:6a:91:7a:a3:c4,OU=AN-300-RT-4L2W,O=Araknis Networks (TM),L=Charlotte,C=US</example>
@@ -54,23 +47,26 @@
54
47
  <param pos="2" name="hw.product"/>
55
48
  <param pos="1" name="host.mac"/>
56
49
  </fingerprint>
50
+
57
51
  <fingerprint pattern="^CN=([a-fA-F0-9:]+),OU=([^,]+),O=Cisco-Linksys\\, LLC">
58
52
  <description>Cisco / Linksys Router</description>
59
53
  <example host.mac="00:22:6b:ef:1e:d0" hw.product="RV042">CN=00:22:6b:ef:1e:d0,OU=RV042,O=Cisco-Linksys\, LLC,L=Irvine,C=US</example>
60
- <param pos="0" name="hw.device" value="Broadband Router"/>
54
+ <param pos="0" name="hw.device" value="Broadband router"/>
61
55
  <param pos="0" name="hw.vendor" value="Cisco"/>
62
56
  <param pos="2" name="hw.product"/>
63
57
  <param pos="1" name="host.mac"/>
64
58
  </fingerprint>
59
+
65
60
  <fingerprint pattern="^CN=([a-fA-F0-9\:]+),OU=([^,]+),O=Cisco Systems\\, Inc\.">
66
61
  <description>Cisco Post-Linksys Router</description>
67
62
  <example host.mac="74:a2:e6:5c:99:21" hw.product="RV042G">CN=74:a2:e6:5c:99:21,OU=RV042G,O=Cisco Systems\, Inc.,L=Irvine,C=US</example>
68
63
  <example host.mac="4C4E315901D0" hw.product="RV180">CN=4C4E315901D0,OU=RV180,O=Cisco Systems\, Inc.,C=US</example>
69
- <param pos="0" name="hw.device" value="Broadband Router"/>
64
+ <param pos="0" name="hw.device" value="Broadband router"/>
70
65
  <param pos="0" name="hw.vendor" value="Cisco"/>
71
66
  <param pos="2" name="hw.product"/>
72
67
  <param pos="1" name="host.mac"/>
73
68
  </fingerprint>
69
+
74
70
  <fingerprint pattern="^SERIALNUMBER=PID:([^ ]+) SN:([^,]+),CN=(?:[a-zA-Z0-9\-]+)-SEP([a-fA-F0-9]{12}),OU=[CV]TG,O=Cisco Systems Inc\.$">
75
71
  <description>Cisco IP phone with serial number</description>
76
72
  <example host.mac="B07D47D33A1C" hw.product="CP-8851" cisco.serial_number="FCH1924AHCA">SERIALNUMBER=PID:CP-8851 SN:FCH1924AHCA,CN=CP-8851-SEPB07D47D33A1C,OU=CTG,O=Cisco Systems Inc.</example>
@@ -81,6 +77,7 @@
81
77
  <param pos="2" name="cisco.serial_number"/>
82
78
  <param pos="3" name="host.mac"/>
83
79
  </fingerprint>
80
+
84
81
  <fingerprint pattern="^CN=SEP([a-fA-F0-9]{12}),O=TemporaryDefaultCertificate$">
85
82
  <description>Cisco IP Phone without serial number</description>
86
83
  <example host.mac="1C6A7AE57121">CN=SEP1C6A7AE57121,O=TemporaryDefaultCertificate</example>
@@ -88,6 +85,7 @@
88
85
  <param pos="0" name="hw.vendor" value="Cisco"/>
89
86
  <param pos="1" name="host.mac"/>
90
87
  </fingerprint>
88
+
91
89
  <fingerprint pattern="^CN=Cambium WLAN AP,OU=Products,O=Cambium Networks Inc,L=San Jose,ST=CA,C=US$">
92
90
  <description>Cambium Networks WAP</description>
93
91
  <example>CN=Cambium WLAN AP,OU=Products,O=Cambium Networks Inc,L=San Jose,ST=CA,C=US</example>
@@ -95,6 +93,7 @@
95
93
  <param pos="0" name="hw.vendor" value="Cambium Networks"/>
96
94
  <param pos="0" name="hw.product" value="WLAN AP"/>
97
95
  </fingerprint>
96
+
98
97
  <fingerprint pattern="^CN=([^,]+),OU=Products,O=Cambium Networks Inc,L=San Jose,ST=CA,C=US$">
99
98
  <description>Cambium Networks Router</description>
100
99
  <example hw.product="R190V">CN=R190V,OU=Products,O=Cambium Networks Inc,L=San Jose,ST=CA,C=US</example>
@@ -103,12 +102,14 @@
103
102
  <param pos="0" name="hw.vendor" value="Cambium Networks"/>
104
103
  <param pos="1" name="hw.product"/>
105
104
  </fingerprint>
105
+
106
106
  <fingerprint pattern="^CN=Nepenthes Development Team,OU=anv,O=dionaea\.carnivore\.it,C=DE$">
107
107
  <description>Nepenthes honeypot</description>
108
108
  <example>CN=Nepenthes Development Team,OU=anv,O=dionaea.carnivore.it,C=DE</example>
109
109
  <param pos="0" name="service.family" value="Nepenthes"/>
110
110
  <param pos="0" name="service.product" value="Nepenthes"/>
111
111
  </fingerprint>
112
+
112
113
  <fingerprint pattern="^CN=IPMI,OU=Software,O=Super Micro Computer,ST=California,C=US$">
113
114
  <description>Super Micro IPMI Controller</description>
114
115
  <example>CN=IPMI,OU=Software,O=Super Micro Computer,ST=California,C=US</example>
@@ -118,6 +119,7 @@
118
119
  <param pos="0" name="os.vendor" value="Super Micro"/>
119
120
  <param pos="0" name="os.product" value="ATEN Linux"/>
120
121
  </fingerprint>
122
+
121
123
  <fingerprint pattern="^CN=iDRACdefault([a-fA-F0-9]{12}),OU=iDRAC Group,O=Dell Inc.,L=Round Rock,C=US$">
122
124
  <description>Dell iDRAC Remote Access Controller w/MAC</description>
123
125
  <example host.mac="0023AEF89AD1">CN=iDRACdefault0023AEF89AD1,OU=iDRAC Group,O=Dell Inc.,L=Round Rock,C=US</example>
@@ -128,6 +130,7 @@
128
130
  <param pos="0" name="os.product" value="iDRAC Linux"/>
129
131
  <param pos="1" name="host.mac"/>
130
132
  </fingerprint>
133
+
131
134
  <fingerprint pattern="^CN=idrac-([A-Z0-9]{7}),OU=Remote Access Group,O=Dell Inc\.,L=Round Rock,ST=Texas,C=US$">
132
135
  <description>Dell iDRAC Remote Access Controller w/Service Tag</description>
133
136
  <example dell.service_tag="JXJJC02">CN=idrac-JXJJC02,OU=Remote Access Group,O=Dell Inc.,L=Round Rock,ST=Texas,C=US</example>
@@ -139,6 +142,7 @@
139
142
  <param pos="0" name="os.product" value="iDRAC Linux"/>
140
143
  <param pos="1" name="dell.service_tag"/>
141
144
  </fingerprint>
145
+
142
146
  <fingerprint pattern="^CN=idrac.*,OU=Remote Access Group,O=Dell Inc\.,L=Round Rock,ST=Texas,C=US$">
143
147
  <description>Dell iDRAC Remote Access Controller w/o Service Tag</description>
144
148
  <example>CN=idrac-SVCTAG,OU=Remote Access Group,O=Dell Inc.,L=Round Rock,ST=Texas,C=US</example>
@@ -151,17 +155,19 @@
151
155
  <param pos="0" name="os.vendor" value="Dell"/>
152
156
  <param pos="0" name="os.product" value="iDRAC Linux"/>
153
157
  </fingerprint>
158
+
154
159
  <fingerprint pattern="^CN=(i?DRAC\d+) default certificate,OU=Remote Access Group,O=Dell Inc\.,L=Round Rock,ST=Texas,C=US$">
155
160
  <description>Dell iDRAC Remote Access Controller w/Version</description>
156
- <example>CN=iDRAC7 default certificate,OU=Remote Access Group,O=Dell Inc.,L=Round Rock,ST=Texas,C=US</example>
157
- <example>CN=iDRAC6 default certificate,OU=Remote Access Group,O=Dell Inc.,L=Round Rock,ST=Texas,C=US</example>
158
- <example>CN=DRAC5 default certificate,OU=Remote Access Group,O=Dell Inc.,L=Round Rock,ST=Texas,C=US</example>
161
+ <example hw.product="iDRAC7">CN=iDRAC7 default certificate,OU=Remote Access Group,O=Dell Inc.,L=Round Rock,ST=Texas,C=US</example>
162
+ <example hw.product="iDRAC6">CN=iDRAC6 default certificate,OU=Remote Access Group,O=Dell Inc.,L=Round Rock,ST=Texas,C=US</example>
163
+ <example hw.product="DRAC5">CN=DRAC5 default certificate,OU=Remote Access Group,O=Dell Inc.,L=Round Rock,ST=Texas,C=US</example>
159
164
  <param pos="0" name="hw.device" value="Lights Out Management"/>
160
165
  <param pos="0" name="hw.vendor" value="Dell"/>
161
166
  <param pos="1" name="hw.product"/>
162
167
  <param pos="0" name="os.vendor" value="Dell"/>
163
168
  <param pos="0" name="os.product" value="iDRAC Linux"/>
164
169
  </fingerprint>
170
+
165
171
  <fingerprint pattern="^CN=iDRAC default certificate,OU=Server Firmware Group,O=Dell Inc\.,L=Round Rock,ST=Texas,C=US$">
166
172
  <description>Dell iDRAC Remote Access Controller Default Certificate</description>
167
173
  <example>CN=iDRAC default certificate,OU=Server Firmware Group,O=Dell Inc.,L=Round Rock,ST=Texas,C=US</example>
@@ -171,6 +177,7 @@
171
177
  <param pos="0" name="os.vendor" value="Dell"/>
172
178
  <param pos="0" name="os.product" value="iDRAC Linux"/>
173
179
  </fingerprint>
180
+
174
181
  <fingerprint pattern="^CN=XCC-([a-zA-Z0-9]+)-([a-zA-Z0-9]+),O=System X,L=RTP,ST=NC,C=US$">
175
182
  <description>Lenovo XCC</description>
176
183
  <example lenovo.machine_type="7X06" lenovo.machine_model="J1005NEX">CN=XCC-7X06-J1005NEX,O=System X,L=RTP,ST=NC,C=US</example>
@@ -183,33 +190,36 @@
183
190
  <param pos="1" name="lenovo.machine_type"/>
184
191
  <param pos="2" name="lenovo.machine_model"/>
185
192
  </fingerprint>
193
+
186
194
  <fingerprint pattern="^CN=([A-Za-z0-9\_\-\.]+),OU=ISS,O=Hewlett-Packard Company,L=Houston,ST=Texas,C=US$">
187
195
  <description>HP iLO</description>
188
196
  <example>CN=SERVER-1231,OU=ISS,O=Hewlett-Packard Company,L=Houston,ST=Texas,C=US</example>
189
197
  <param pos="0" name="hw.device" value="Lights Out Management"/>
190
198
  <param pos="0" name="hw.vendor" value="HP"/>
191
199
  <param pos="0" name="hw.family" value="iLO"/>
192
- <param pos="0" name="hw.cpe23" value="cpe:/h:hp:integrated_lights_out:-"/>
193
200
  <param pos="0" name="hw.product" value="iLO"/>
201
+ <param pos="0" name="hw.cpe23" value="cpe:/h:hp:integrated_lights_out:-"/>
194
202
  <param pos="0" name="os.device" value="Lights Out Management"/>
195
203
  <param pos="0" name="os.vendor" value="HP"/>
196
204
  <param pos="0" name="os.family" value="iLO"/>
197
205
  <param pos="0" name="os.product" value="iLO"/>
198
206
  <param pos="1" name="host.name"/>
199
207
  </fingerprint>
208
+
200
209
  <fingerprint pattern="^CN=HP Service Processor,OU=UDU Service Tools,O=Hewlett-Packard Development Company\\, L\.P\.\\ ,L=Fremont,ST=California,C=US$">
201
210
  <description>HP iLO - HP Service Processor</description>
202
211
  <example>CN=HP Service Processor,OU=UDU Service Tools,O=Hewlett-Packard Development Company\, L.P.\ ,L=Fremont,ST=California,C=US</example>
203
212
  <param pos="0" name="hw.device" value="Lights Out Management"/>
204
213
  <param pos="0" name="hw.vendor" value="HP"/>
205
214
  <param pos="0" name="hw.family" value="iLO"/>
206
- <param pos="0" name="hw.cpe23" value="cpe:/h:hp:integrated_lights_out:-"/>
207
215
  <param pos="0" name="hw.product" value="iLO"/>
216
+ <param pos="0" name="hw.cpe23" value="cpe:/h:hp:integrated_lights_out:-"/>
208
217
  <param pos="0" name="os.device" value="Lights Out Management"/>
209
218
  <param pos="0" name="os.vendor" value="HP"/>
210
219
  <param pos="0" name="os.family" value="iLO"/>
211
220
  <param pos="0" name="os.product" value="iLO"/>
212
221
  </fingerprint>
222
+
213
223
  <fingerprint pattern="^CN=OA\-([a-fA-F0-9]+),OU=Onboard Administrator,">
214
224
  <description>HP iLO (Onboard Administrator)</description>
215
225
  <example>CN=OA-001F296E21A3,OU=Onboard Administrator,O=Corp.,L=Location,ST=N/A,C=US</example>
@@ -217,28 +227,30 @@
217
227
  <param pos="0" name="hw.device" value="Lights Out Management"/>
218
228
  <param pos="0" name="hw.vendor" value="HP"/>
219
229
  <param pos="0" name="hw.family" value="iLO"/>
220
- <param pos="0" name="hw.cpe23" value="cpe:/h:hp:integrated_lights_out:-"/>
221
230
  <param pos="0" name="hw.product" value="iLO"/>
231
+ <param pos="0" name="hw.cpe23" value="cpe:/h:hp:integrated_lights_out:-"/>
222
232
  <param pos="0" name="os.device" value="Lights Out Management"/>
223
233
  <param pos="0" name="os.vendor" value="HP"/>
224
234
  <param pos="0" name="os.family" value="iLO"/>
225
235
  <param pos="0" name="os.product" value="iLO"/>
226
236
  <param pos="1" name="host.mac"/>
227
237
  </fingerprint>
238
+
228
239
  <fingerprint pattern="^CN=([A-Za-z0-9\_\-\.]+),OU=Hewlett Packard Enterprise Network Management Software \(SMH\),O=Hewlett Packard Enterprise,L=Houston,ST=Texas,C=US$">
229
240
  <description>HP iLO - Enterprise Mgmt variant</description>
230
241
  <example>CN=bigsrv99,OU=Hewlett Packard Enterprise Network Management Software (SMH),O=Hewlett Packard Enterprise,L=Houston,ST=Texas,C=US</example>
231
242
  <param pos="0" name="hw.device" value="Lights Out Management"/>
232
243
  <param pos="0" name="hw.vendor" value="HP"/>
233
244
  <param pos="0" name="hw.family" value="iLO"/>
234
- <param pos="0" name="hw.cpe23" value="cpe:/h:hp:integrated_lights_out:-"/>
235
245
  <param pos="0" name="hw.product" value="iLO"/>
246
+ <param pos="0" name="hw.cpe23" value="cpe:/h:hp:integrated_lights_out:-"/>
236
247
  <param pos="0" name="os.device" value="Lights Out Management"/>
237
248
  <param pos="0" name="os.vendor" value="HP"/>
238
249
  <param pos="0" name="os.family" value="iLO"/>
239
250
  <param pos="0" name="os.product" value="iLO"/>
240
251
  <param pos="1" name="host.name"/>
241
252
  </fingerprint>
253
+
242
254
  <fingerprint pattern="^CN=Oracle Integrated Lights Out Manager,O=Oracle America\\, Inc\.,L=Redwood Shores,ST=California,C=US$">
243
255
  <description>Oracle iLO</description>
244
256
  <example>CN=Oracle Integrated Lights Out Manager,O=Oracle America\, Inc.,L=Redwood Shores,ST=California,C=US</example>
@@ -251,6 +263,7 @@
251
263
  <param pos="0" name="os.family" value="ILOM"/>
252
264
  <param pos="0" name="os.product" value="ILOM"/>
253
265
  </fingerprint>
266
+
254
267
  <fingerprint pattern="^CN=AMI,OU=Service Processors,O=American Megatrends Inc">
255
268
  <description>AMI MegaRAC LOM</description>
256
269
  <example>CN=AMI,OU=Service Processors,O=American Megatrends Inc.,L=Norcross,ST=Georgia,C=US</example>
@@ -264,6 +277,7 @@
264
277
  <param pos="0" name="os.family" value="MegaRAC"/>
265
278
  <param pos="0" name="os.product" value="MegaRAC"/>
266
279
  </fingerprint>
280
+
267
281
  <fingerprint pattern="^CN=C-series CIMC,OU=PID:([^ ]+) SERIAL:([^,]+),O=Cisco">
268
282
  <description>Cisco Integrated Management Controller</description>
269
283
  <example cisco.serial_number="FCH18999AAA" cisco.imc_model="UCSC-C220-M3S">CN=C-series CIMC,OU=PID:UCSC-C220-M3S SERIAL:FCH18999AAA,O=Cisco Self Signed,L=San Jose,ST=California,C=US</example>
@@ -276,6 +290,7 @@
276
290
  <param pos="2" name="cisco.serial_number"/>
277
291
  <param pos="1" name="cisco.imc_model"/>
278
292
  </fingerprint>
293
+
279
294
  <fingerprint pattern="^CN=C220-(FCH[^,]+),OU=null,O=Cisco Systems Inc">
280
295
  <description>Cisco Integrated Management Controller C220</description>
281
296
  <example cisco.serial_number="FCH17999AAA">CN=C220-FCH17999AAA,OU=null,O=Cisco Systems Inc.,L=San Jose,ST=California,C=US</example>
@@ -287,6 +302,7 @@
287
302
  <param pos="0" name="os.product" value="IMC"/>
288
303
  <param pos="1" name="cisco.serial_number"/>
289
304
  </fingerprint>
305
+
290
306
  <fingerprint pattern="^CN=avocent.com,OU=AESS,O=Avocent,L=Sunrise,ST=FL,C=US$">
291
307
  <description>Avocent KVM</description>
292
308
  <example>CN=avocent.com,OU=AESS,O=Avocent,L=Sunrise,ST=FL,C=US</example>
@@ -295,6 +311,7 @@
295
311
  <param pos="0" name="os.device" value="KVM"/>
296
312
  <param pos="0" name="os.vendor" value="Avocent"/>
297
313
  </fingerprint>
314
+
298
315
  <fingerprint pattern="^CN=Avocent Mergepoint Unity,O=Avocent Mergepoint Unity,L=Huntsville,ST=Alabama,C=US$">
299
316
  <description>Avocent Mergepoint KVM</description>
300
317
  <example>CN=Avocent Mergepoint Unity,O=Avocent Mergepoint Unity,L=Huntsville,ST=Alabama,C=US</example>
@@ -305,6 +322,7 @@
305
322
  <param pos="0" name="os.vendor" value="Avocent"/>
306
323
  <param pos="0" name="os.product" value="Mergepoint"/>
307
324
  </fingerprint>
325
+
308
326
  <fingerprint pattern="^CN=HP Jetdirect [a-zA-Z0-9]+,OU=([a-fA-F0-9]{12})\+OU=([a-zA-Z0-9]+),O=Hewlett-Packard Co\.$">
309
327
  <description>HP Jet Direct - with host MAC and product</description>
310
328
  <example host.mac="2C413883186A" hw.product="J8028E">CN=HP Jetdirect 38831831,OU=2C413883186A+OU=J8028E,O=Hewlett-Packard Co.</example>
@@ -319,6 +337,7 @@
319
337
  <param pos="2" name="hw.product"/>
320
338
  <param pos="2" name="os.product"/>
321
339
  </fingerprint>
340
+
322
341
  <fingerprint pattern="^CN=([a-zA-Z0-9\.\-\_]+),OU=HP-IPG,O=HP,L=Vancouver,ST=Washington,C=US$">
323
342
  <description>HP Jet Direct</description>
324
343
  <example host.name="HPD49F21">CN=HPD49F21,OU=HP-IPG,O=HP,L=Vancouver,ST=Washington,C=US</example>
@@ -330,6 +349,7 @@
330
349
  <param pos="0" name="os.family" value="JetDirect"/>
331
350
  <param pos="1" name="host.name"/>
332
351
  </fingerprint>
352
+
333
353
  <fingerprint pattern="^CN=(?:Sourcefire3D|firepower|ciscoasa),OU=Intrusion Management System,O=(?:Sourcefire\\, Inc.|Cisco Systems\\, Inc),C=US$">
334
354
  <description>Cisco Firepower</description>
335
355
  <example>CN=firepower,OU=Intrusion Management System,O=Cisco Systems\, Inc,C=US</example>
@@ -343,13 +363,14 @@
343
363
  <param pos="0" name="os.product" value="Firepower"/>
344
364
  <param pos="0" name="os.family" value="Linux"/>
345
365
  </fingerprint>
366
+
346
367
  <fingerprint pattern="^CN=ASA Temporary Self Signed Certificate$">
347
368
  <description>Cisco ASA Temp Cert</description>
348
369
  <example>CN=ASA Temporary Self Signed Certificate</example>
349
370
  <param pos="0" name="os.vendor" value="Cisco"/>
350
371
  <param pos="0" name="os.family" value="Adaptive Security Appliance"/>
351
372
  <param pos="0" name="os.product" value="Adaptive Security Appliance"/>
352
- <param pos="0" name="os.cpe23" value="cpe:/o:cisco:adaptive_security_appliance"/>
373
+ <param pos="0" name="os.cpe23" value="cpe:/o:cisco:adaptive_security_appliance:-"/>
353
374
  <param pos="0" name="hw.vendor" value="Cisco"/>
354
375
  <param pos="0" name="hw.family" value="Adaptive Security Appliance"/>
355
376
  <param pos="0" name="hw.product" value="Adaptive Security Appliance"/>
@@ -362,11 +383,8 @@
362
383
  <example cisco.serial_number="9C89M2088D1">SERIALNUMBER=9C89M2088D1,CN=DEVICE-vWLC,O=Cisco Virtual WLC</example>
363
384
  <param pos="0" name="os.vendor" value="Cisco"/>
364
385
  <param pos="0" name="os.device" value="Wireless Controller"/>
365
- <param pos="0" name="os.product" value="Virtual WLC"/>
386
+ <param pos="0" name="os.product" value="Wireless LAN Controller"/>
366
387
  <param pos="0" name="os.cpe23" value="cpe:/o:cisco:wireless_lan_controller:-"/>
367
- <param pos="0" name="hw.vendor" value="Cisco"/>
368
- <param pos="0" name="hw.device" value="Wireless Controller"/>
369
- <param pos="0" name="hw.product" value="Virtual WLC"/>
370
388
  <param pos="1" name="cisco.serial_number"/>
371
389
  </fingerprint>
372
390
 
@@ -375,11 +393,12 @@
375
393
  <example>CN=169.254.1.1,OU=DeviceSSL (WebAdmin),O=Cisco Systems Inc.,C=US</example>
376
394
  <param pos="0" name="os.vendor" value="Cisco"/>
377
395
  <param pos="0" name="os.device" value="Wireless Controller"/>
378
- <param pos="0" name="os.product" value="Wireless Controller"/>
396
+ <param pos="0" name="os.product" value="Wireless LAN Controller"/>
379
397
  <param pos="0" name="os.cpe23" value="cpe:/o:cisco:wireless_lan_controller:-"/>
380
398
  <param pos="0" name="hw.vendor" value="Cisco"/>
381
399
  <param pos="0" name="hw.device" value="Wireless Controller"/>
382
- <param pos="0" name="hw.product" value="Wireless Controller"/>
400
+ <param pos="0" name="hw.product" value="Wireless LAN Controller"/>
401
+ <param pos="0" name="hw.cpe23" value="cpe:/h:cisco:wireless_lan_controller:-"/>
383
402
  </fingerprint>
384
403
 
385
404
  <fingerprint pattern="^CN=pca,OU=Cisco Prime Collaboration Manager,O=Cisco,L=San Jose,ST=California,C=US$">
@@ -405,6 +424,7 @@
405
424
  <param pos="0" name="os.product" value="DSM"/>
406
425
  <param pos="0" name="os.vendor" value="Synology"/>
407
426
  </fingerprint>
427
+
408
428
  <fingerprint pattern="^CN=(?:\*\.)?([a-zA-Z0-9\.\_\-]+)\.wd2go\.com">
409
429
  <description>Western Digital WD2GO Devices</description>
410
430
  <example wd2go.device_id="device1133796-01b3e3fa">CN=device1133796-01b3e3fa.wd2go.com,OU=Domain Control Validated+OU=Hosted by Western Digital Corporation+OU=COMODO SSL Unified Communications</example>
@@ -417,6 +437,7 @@
417
437
  <param pos="0" name="os.device" value="Storage"/>
418
438
  <param pos="1" name="wd2go.device_id"/>
419
439
  </fingerprint>
440
+
420
441
  <fingerprint pattern="^CN=Seagate Technology LLC,O=Seagate Technology LLC,L=Cupertino,ST=California,C=US$">
421
442
  <description>Seagate NAS</description>
422
443
  <example>CN=Seagate Technology LLC,O=Seagate Technology LLC,L=Cupertino,ST=California,C=US</example>
@@ -425,6 +446,7 @@
425
446
  <param pos="0" name="os.vendor" value="Seagate"/>
426
447
  <param pos="0" name="os.family" value="Linux"/>
427
448
  </fingerprint>
449
+
428
450
  <fingerprint pattern="^CN=[\d\.]+,OU=Q-Series,O=Quantum,ST=CO,C=US$">
429
451
  <description>Seagate Q-Series NAS (previously Quantum)</description>
430
452
  <example>CN=1.1.1.1,OU=Q-Series,O=Quantum,ST=CO,C=US</example>
@@ -433,6 +455,7 @@
433
455
  <param pos="0" name="os.vendor" value="Seagate"/>
434
456
  <param pos="0" name="os.family" value="Linux"/>
435
457
  </fingerprint>
458
+
436
459
  <fingerprint pattern="^CN=QNAP NAS,OU=QTS,O=QNAP Systems\\, Inc\.,L=Taipei,ST=Taipei,C=TW$">
437
460
  <description>QNAP NAS</description>
438
461
  <example>CN=QNAP NAS,OU=QTS,O=QNAP Systems\, Inc.,L=Taipei,ST=Taipei,C=TW</example>
@@ -443,68 +466,77 @@
443
466
  <param pos="0" name="os.vendor" value="QNAP Systems"/>
444
467
  <param pos="0" name="os.device" value="Storage"/>
445
468
  </fingerprint>
469
+
446
470
  <fingerprint pattern="^CN=VMware,OU=VMware,L=Palo Alto,C=US$">
447
471
  <description>VMWare Authentication Daemon</description>
448
472
  <example>CN=VMware,OU=VMware,L=Palo Alto,C=US</example>
449
- <param pos="0" name="service.vendor" value="VMWare"/>
473
+ <param pos="0" name="service.vendor" value="VMware"/>
450
474
  <param pos="0" name="service.product" value="vmauthd"/>
451
475
  </fingerprint>
476
+
452
477
  <fingerprint pattern="^CN=([a-zA-Z0-9\.\-\_]+),OU=VMware ESX Server Default Certificate,O=VMware\\, Inc,L=Palo Alto,ST=California,C=US$">
453
478
  <description>VMWare ESX</description>
454
479
  <example>CN=server99.,OU=VMware ESX Server Default Certificate,O=VMware\, Inc,L=Palo Alto,ST=California,C=US</example>
455
- <param pos="0" name="os.vendor" value="VMWare"/>
456
- <param pos="0" name="os.cpe23" value="cpe:/o:vmware:esx:-"/>
480
+ <param pos="0" name="os.vendor" value="VMware"/>
457
481
  <param pos="0" name="os.product" value="ESX"/>
458
482
  <param pos="0" name="os.device" value="Hypervisor"/>
483
+ <param pos="0" name="os.cpe23" value="cpe:/o:vmware:esx:-"/>
459
484
  <param pos="1" name="host.name"/>
460
485
  </fingerprint>
486
+
461
487
  <fingerprint pattern="^CN.*,OU=SRM,O=VMware\\, Inc\.,L=Palo Alto,ST=California,C=US$">
462
488
  <description>VMWare SRM</description>
463
489
  <example>CN=SRM01,OU=SRM,O=VMware\, Inc.,L=Palo Alto,ST=California,C=US</example>
464
- <param pos="0" name="os.vendor" value="VMWare"/>
490
+ <param pos="0" name="os.vendor" value="VMware"/>
465
491
  <param pos="0" name="os.product" value="Linux"/>
466
- <param pos="0" name="hw.vendor" value="VMWare"/>
492
+ <param pos="0" name="hw.vendor" value="VMware"/>
467
493
  <param pos="0" name="hw.device" value="Appliance"/>
468
494
  <param pos="0" name="hw.product" value="Site Recovery Manager"/>
469
- <param pos="0" name="service.vendor" value="VMWare"/>
495
+ <param pos="0" name="service.vendor" value="VMware"/>
470
496
  <param pos="0" name="service.product" value="Site Recovery Manager"/>
471
- <param pos="0" name="service.cpe23" value="cpe:/a:vmware:site_recovery_manager:-"/>
472
497
  </fingerprint>
498
+
473
499
  <fingerprint pattern="^CN=IOS-Self-Signed-Certificate-">
474
500
  <description>Cisco IOS Default Certificate</description>
475
501
  <example>CN=IOS-Self-Signed-Certificate-4163115936</example>
476
502
  <param pos="0" name="os.vendor" value="Cisco"/>
477
- <param pos="0" name="os.cpe23" value="cpe:/o:cisco:ios:-"/>
478
503
  <param pos="0" name="os.family" value="IOS"/>
479
504
  <param pos="0" name="os.product" value="IOS"/>
505
+ <param pos="0" name="os.cpe23" value="cpe:/o:cisco:ios:-"/>
480
506
  <param pos="0" name="hw.vendor" value="Cisco"/>
481
507
  <param pos="0" name="hw.device" value="Router"/>
482
508
  </fingerprint>
483
- <fingerprint pattern="^CN=([a-zA-Z0-9]{5,12}) ([a-zA-Z0-9]{12}),OU=Cast,O=Google Inc,L=Mountain View,ST=California,C=US$">
509
+
510
+ <fingerprint pattern="^CN=([a-zA-Z0-9]{5,12}) ([a-zA-Z0-9]{12}),OU=(?:Cast|Google TV),O=Google Inc,L=Mountain View,ST=California,C=US$">
484
511
  <description>Google Chromecast</description>
485
512
  <example chromecast.serial_number="LVDZG5" host.mac_local="FA8FCA67413D">CN=LVDZG5 FA8FCA67413D,OU=Cast,O=Google Inc,L=Mountain View,ST=California,C=US</example>
513
+ <example chromecast.serial_number="YRBLE" host.mac_local="FA8FCA7DE87D">CN=YRBLE FA8FCA7DE87D,OU=Google TV,O=Google Inc,L=Mountain View,ST=California,C=US</example>
486
514
  <param pos="0" name="os.vendor" value="Google"/>
487
515
  <param pos="0" name="os.product" value="ChromeOS"/>
488
516
  <param pos="0" name="hw.device" value="Media Server"/>
489
517
  <param pos="0" name="hw.vendor" value="Google"/>
490
518
  <param pos="0" name="hw.product" value="Chromecast"/>
491
519
  <param pos="1" name="chromecast.serial_number"/>
492
- <!-- local administered mac address (clear bit 2 of first byte) -->
520
+ <!-- This is the hotspot-mode MAC address (clear bit 2) -->
521
+
493
522
  <param pos="2" name="host.mac_local"/>
494
523
  </fingerprint>
524
+
495
525
  <fingerprint pattern="^CN=([a-zA-Z0-9]{5,12}) ([a-zA-Z0-9]{12}),OU=Cast TV \(Vizio\),O=Google Inc,L=Mountain View,ST=California,C=US$">
496
526
  <description>Vizio SmartTV (Android) with Google Cast</description>
497
527
  <example chromecast.serial_number="9V039WC9" host.mac_local="FA8FCA697898">CN=9V039WC9 FA8FCA697898,OU=Cast TV (Vizio),O=Google Inc,L=Mountain View,ST=California,C=US</example>
498
528
  <param pos="0" name="os.vendor" value="Google"/>
499
- <param pos="0" name="os.cpe23" value="cpe:/o:google:android:-"/>
500
529
  <param pos="0" name="os.family" value="Linux"/>
501
530
  <param pos="0" name="os.product" value="Android"/>
531
+ <param pos="0" name="os.cpe23" value="cpe:/o:google:android:-"/>
502
532
  <param pos="0" name="hw.device" value="Smart TV"/>
503
533
  <param pos="0" name="hw.vendor" value="Vizio"/>
504
534
  <param pos="1" name="chromecast.serial_number"/>
505
- <!-- local administered mac address (clear bit 2 of first byte) -->
535
+ <!-- This is the hotspot-mode MAC address (clear bit 2) -->
536
+
506
537
  <param pos="2" name="host.mac_local"/>
507
538
  </fingerprint>
539
+
508
540
  <fingerprint pattern="^CN=TANDBERG,OU=R&amp;D,O=TANDBERG ASA,L=Lysaker,ST=Askerhus,C=NO$">
509
541
  <description>Cisco (TANDBERG) TelePresence</description>
510
542
  <example>CN=TANDBERG,OU=R&amp;D,O=TANDBERG ASA,L=Lysaker,ST=Askerhus,C=NO</example>
@@ -516,6 +548,7 @@
516
548
  <param pos="0" name="os.product" value="TelePresence"/>
517
549
  <param pos="0" name="os.device" value="Video Conferencing"/>
518
550
  </fingerprint>
551
+
519
552
  <fingerprint pattern="^CN=lifesize.com,C=US$">
520
553
  <description>Lifesize TelePresence</description>
521
554
  <example>CN=lifesize.com,C=US</example>
@@ -527,6 +560,7 @@
527
560
  <param pos="0" name="os.product" value="TelePresence"/>
528
561
  <param pos="0" name="os.device" value="Video Conferencing"/>
529
562
  </fingerprint>
563
+
530
564
  <fingerprint pattern="^CN=MERCURY-([a-fA-F0-9]{12}),OU=Engineering,O=Crestron">
531
565
  <description>Crestron Mercury</description>
532
566
  <example host.mac="00107F1ABAA0">CN=MERCURY-00107F1ABAA0,OU=Engineering,O=Crestron Electronics\, Inc.,L=Rockleigh,ST=NJ,C=US</example>
@@ -538,6 +572,7 @@
538
572
  <param pos="0" name="os.device" value="Video Conferencing"/>
539
573
  <param pos="1" name="host.mac"/>
540
574
  </fingerprint>
575
+
541
576
  <fingerprint pattern="^CN=(AM-\d+)-([a-fA-F0-9]{12}),OU=Engineering,O=Crestron">
542
577
  <description>Crestron AirMedia</description>
543
578
  <example hw.product="AM-200" host.mac="00107FB7B1E2">CN=AM-200-00107FB7B1E2,OU=Engineering,O=Crestron Electronics\, Inc.,L=Rockleigh,ST=NJ,C=US</example>
@@ -549,6 +584,7 @@
549
584
  <param pos="0" name="os.device" value="Video Conferencing"/>
550
585
  <param pos="2" name="host.mac"/>
551
586
  </fingerprint>
587
+
552
588
  <fingerprint pattern="^CN=Crestron,OU=Engineering,O=Crestron Electronics\\, Inc\.,L=Rockleigh,ST=NJ,C=US$">
553
589
  <description>Crestron Video Conferencing</description>
554
590
  <example>CN=Crestron,OU=Engineering,O=Crestron Electronics\, Inc.,L=Rockleigh,ST=NJ,C=US</example>
@@ -558,6 +594,7 @@
558
594
  <param pos="0" name="os.family" value="Linux"/>
559
595
  <param pos="0" name="os.device" value="Video Conferencing"/>
560
596
  </fingerprint>
597
+
561
598
  <fingerprint pattern="^CN=ClickShare-\d+$">
562
599
  <description>ClickShare Wireless Presenter</description>
563
600
  <example>CN=ClickShare-4234234324</example>
@@ -568,6 +605,7 @@
568
605
  <param pos="0" name="os.family" value="ClickShareOS"/>
569
606
  <param pos="0" name="os.device" value="Wireless Presenter"/>
570
607
  </fingerprint>
608
+
571
609
  <fingerprint pattern="^CN=Solstice,OU=Solstice,O=Mersive Technologies Inc,L=Denver,ST=CO,C=US$">
572
610
  <description>SolsticePod</description>
573
611
  <example>CN=Solstice,OU=Solstice,O=Mersive Technologies Inc,L=Denver,ST=CO,C=US</example>
@@ -575,6 +613,7 @@
575
613
  <param pos="0" name="hw.device" value="Wireless Presenter"/>
576
614
  <param pos="0" name="hw.product" value="SolsticePod"/>
577
615
  </fingerprint>
616
+
578
617
  <fingerprint pattern="^CN=Controller,OU=FW,O=ExtronElectronics,ST=CA,C=US$">
579
618
  <description>Extron MediaLink Controller</description>
580
619
  <example>CN=Controller,OU=FW,O=ExtronElectronics,ST=CA,C=US</example>
@@ -584,6 +623,7 @@
584
623
  <param pos="0" name="os.vendor" value="Extron"/>
585
624
  <param pos="0" name="os.family" value="Linux"/>
586
625
  </fingerprint>
626
+
587
627
  <fingerprint pattern="^CN=IPLP,OU=ControlSystems,O=ExtronElectronics,L=Anaheim,ST=CA,C=US$">
588
628
  <description>Extron IPLP </description>
589
629
  <example>CN=IPLP,OU=ControlSystems,O=ExtronElectronics,L=Anaheim,ST=CA,C=US</example>
@@ -593,6 +633,7 @@
593
633
  <param pos="0" name="os.vendor" value="Extron"/>
594
634
  <param pos="0" name="os.family" value="Linux"/>
595
635
  </fingerprint>
636
+
596
637
  <fingerprint pattern="^CN=TLP,OU=ControlSystems,O=ExtronElectronics,L=Anaheim,ST=CA,C=US$">
597
638
  <description>Extron TLP </description>
598
639
  <example>CN=TLP,OU=ControlSystems,O=ExtronElectronics,L=Anaheim,ST=CA,C=US</example>
@@ -602,6 +643,7 @@
602
643
  <param pos="0" name="os.vendor" value="Extron"/>
603
644
  <param pos="0" name="os.family" value="Linux"/>
604
645
  </fingerprint>
646
+
605
647
  <fingerprint pattern="^CN=ShareLink-Pro-.*,OU=AVSystems,O=ExtronElectronics">
606
648
  <description>Extron ShareLink Pro </description>
607
649
  <example>CN=ShareLink-Pro-18-99-99.local.com,OU=AVSystems,O=ExtronElectronics,L=Anaheim,ST=CA,C=US</example>
@@ -611,18 +653,23 @@
611
653
  <param pos="0" name="os.vendor" value="Extron"/>
612
654
  <param pos="0" name="os.family" value="Linux"/>
613
655
  </fingerprint>
656
+
614
657
  <fingerprint pattern="^CN=VMM APIC,OU=VMM\d+,O=Cisco,L=San Jose,ST=CA,C=US$">
615
658
  <description>Cisco APIC</description>
616
659
  <example>CN=VMM APIC,OU=VMM15,O=Cisco,L=San Jose,ST=CA,C=US</example>
617
660
  <param pos="0" name="hw.vendor" value="Cisco"/>
618
661
  <param pos="0" name="hw.product" value="APIC"/>
662
+ <param pos="0" name="hw.device" value="Network Appliance"/>
619
663
  </fingerprint>
664
+
620
665
  <fingerprint pattern="^CN=APIC$">
621
666
  <description>Cisco APIC - bare CN</description>
622
667
  <example>CN=APIC</example>
623
668
  <param pos="0" name="hw.vendor" value="Cisco"/>
624
669
  <param pos="0" name="hw.product" value="APIC"/>
670
+ <param pos="0" name="hw.device" value="Network Appliance"/>
625
671
  </fingerprint>
672
+
626
673
  <fingerprint pattern="^CN=(iPX\d+),OU=I Project,O=Samsung Electronics,L=Suwon,ST=Gyeonggi-do,C=KR$">
627
674
  <description>Samsung Communication Manager</description>
628
675
  <example hw.product="iPX3010">CN=iPX3010,OU=I Project,O=Samsung Electronics,L=Suwon,ST=Gyeonggi-do,C=KR</example>
@@ -633,6 +680,7 @@
633
680
  <param pos="0" name="os.vendor" value="Samsung"/>
634
681
  <param pos="0" name="os.family" value="Linux"/>
635
682
  </fingerprint>
683
+
636
684
  <fingerprint pattern="^CN=www.hikvision.com,OU=DVRNVR,O=HIKVISION,L=HangZhou,ST=ZheJiang,C=CN$">
637
685
  <description>HIKVISION DVR</description>
638
686
  <example>CN=www.hikvision.com,OU=DVRNVR,O=HIKVISION,L=HangZhou,ST=ZheJiang,C=CN</example>
@@ -641,6 +689,7 @@
641
689
  <param pos="0" name="hw.vendor" value="Hikvision"/>
642
690
  <param pos="0" name="hw.device" value="DVR"/>
643
691
  </fingerprint>
692
+
644
693
  <fingerprint pattern="^CN=([a-zA-Z0-9\.\-\_]+),OU=Polatis Switch ([a-zA-Z0-9]+),O=Polatis Inc\.,ST=N/A,C=UK$">
645
694
  <description>Polatis Switch</description>
646
695
  <example host.name="192.168.0.1" hw.product="1591">CN=192.168.0.1,OU=Polatis Switch 1591,O=Polatis Inc.,ST=N/A,C=UK</example>
@@ -652,6 +701,7 @@
652
701
  <param pos="1" name="host.name"/>
653
702
  <param pos="2" name="hw.product"/>
654
703
  </fingerprint>
704
+
655
705
  <fingerprint pattern="^CN=([a-zA-Z0-9\.\-\_]+),O=Fidelis Cybersecurity$">
656
706
  <description>Fidelis CommandPost</description>
657
707
  <example host.name="localhost.localdomain">CN=localhost.localdomain,O=Fidelis Cybersecurity</example>
@@ -662,6 +712,7 @@
662
712
  <param pos="0" name="os.product" value="CommandPost"/>
663
713
  <param pos="1" name="host.name"/>
664
714
  </fingerprint>
715
+
665
716
  <fingerprint pattern="^CN=([a-zA-Z0-9]+\-[a-zA-Z0-9]+)\-([a-zA-Z0-9]+),O=IBM,L=Endicott,ST=New York,C=IN$">
666
717
  <description>IBM POWER System</description>
667
718
  <example hw.product="8284-22A" hw.model="211BAFW">CN=8284-22A-211BAFW,O=IBM,L=Endicott,ST=New York,C=IN</example>
@@ -670,6 +721,7 @@
670
721
  <param pos="1" name="hw.product" value=""/>
671
722
  <param pos="2" name="hw.model"/>
672
723
  </fingerprint>
724
+
673
725
  <fingerprint pattern="^CN=EagleEyeDirectorII.polycom.com,OU=Video Division,O=Polycom Inc.,L=San Jose,ST=California,C=US$">
674
726
  <description>Polycom Eagle Eye Director</description>
675
727
  <example>CN=EagleEyeDirectorII.polycom.com,OU=Video Division,O=Polycom Inc.,L=San Jose,ST=California,C=US</example>
@@ -677,6 +729,7 @@
677
729
  <param pos="0" name="hw.device" value="Video Conferencing"/>
678
730
  <param pos="0" name="hw.product" value="Eagle Eye Director II"/>
679
731
  </fingerprint>
732
+
680
733
  <fingerprint pattern="^CN=([a-zA-Z0-9]+),OU=RD,O=QSC\\, LLC,ST=Colorado,C=US$">
681
734
  <description>Q-SYS Licensing Manager</description>
682
735
  <example host.name="SVRTIP44">CN=SVRTIP44,OU=RD,O=QSC\, LLC,ST=Colorado,C=US</example>
@@ -684,6 +737,7 @@
684
737
  <param pos="0" name="service.product" value="Licensing Manager"/>
685
738
  <param pos="1" name="host.name"/>
686
739
  </fingerprint>
740
+
687
741
  <fingerprint pattern="^CN=([A-Za-z0-9]+),OU=FortiGate,O=Fortinet,L=Sunnyvale,ST=California,C=US$">
688
742
  <description>Fortinet Gateway</description>
689
743
  <example fortinet.serial_number="FG100ETK1800118">CN=FG100ETK1800118,OU=FortiGate,O=Fortinet,L=Sunnyvale,ST=California,C=US</example>
@@ -691,24 +745,26 @@
691
745
  <param pos="0" name="hw.vendor" value="Fortinet"/>
692
746
  <param pos="0" name="hw.device" value="Firewall"/>
693
747
  <param pos="0" name="os.vendor" value="Fortinet"/>
694
- <param pos="0" name="os.cpe23" value="cpe:/o:fortinet:fortios:-"/>
695
748
  <param pos="0" name="os.family" value="Linux"/>
696
749
  <param pos="0" name="os.device" value="Firewall"/>
697
750
  <param pos="0" name="os.product" value="FortiOS"/>
751
+ <param pos="0" name="os.cpe23" value="cpe:/o:fortinet:fortios:-"/>
698
752
  <param pos="1" name="fortinet.serial_number"/>
699
753
  </fingerprint>
754
+
700
755
  <fingerprint pattern="^CN=([A-Za-z0-9]+),O=Fortinet Ltd\.$">
701
756
  <description>Fortinet Gateway (Older)</description>
702
757
  <example fortinet.serial_number="FG100D3G13803999">CN=FG100D3G13803999,O=Fortinet Ltd.</example>
703
758
  <param pos="0" name="hw.vendor" value="Fortinet"/>
704
759
  <param pos="0" name="hw.device" value="Firewall"/>
705
760
  <param pos="0" name="os.vendor" value="Fortinet"/>
706
- <param pos="0" name="os.cpe23" value="cpe:/o:fortinet:fortios:-"/>
707
761
  <param pos="0" name="os.family" value="Linux"/>
708
762
  <param pos="0" name="os.device" value="Firewall"/>
709
763
  <param pos="0" name="os.product" value="FortiOS"/>
764
+ <param pos="0" name="os.cpe23" value="cpe:/o:fortinet:fortios:-"/>
710
765
  <param pos="1" name="fortinet.serial_number"/>
711
766
  </fingerprint>
767
+
712
768
  <fingerprint pattern="^CN=FortiMail,OU=FortiMail,O=Fortinet,L=Sunnyvale,ST=California,C=US$">
713
769
  <description>Fortinet FortiMail Appliance</description>
714
770
  <example>CN=FortiMail,OU=FortiMail,O=Fortinet,L=Sunnyvale,ST=California,C=US</example>
@@ -716,11 +772,12 @@
716
772
  <param pos="0" name="hw.device" value="Appliance"/>
717
773
  <param pos="0" name="hw.product" value="FortiMail"/>
718
774
  <param pos="0" name="os.vendor" value="Fortinet"/>
719
- <param pos="0" name="os.cpe23" value="cpe:/o:fortinet:fortios:-"/>
720
775
  <param pos="0" name="os.family" value="Linux"/>
721
776
  <param pos="0" name="os.product" value="FortiOS"/>
722
777
  <param pos="0" name="os.device" value="Appliance"/>
778
+ <param pos="0" name="os.cpe23" value="cpe:/o:fortinet:fortios:-"/>
723
779
  </fingerprint>
780
+
724
781
  <fingerprint pattern="^CN=.*,OU=FortiManager,O=Fortinet,L=Sunnyvale,ST=California,C=US$">
725
782
  <description>Fortinet FortiManager Appliance</description>
726
783
  <example>CN=FMG-VM0000000000,OU=FortiManager,O=Fortinet,L=Sunnyvale,ST=California,C=US</example>
@@ -728,11 +785,12 @@
728
785
  <param pos="0" name="hw.device" value="Appliance"/>
729
786
  <param pos="0" name="hw.product" value="FortiManager"/>
730
787
  <param pos="0" name="os.vendor" value="Fortinet"/>
731
- <param pos="0" name="os.cpe23" value="cpe:/o:fortinet:fortios:-"/>
732
788
  <param pos="0" name="os.family" value="Linux"/>
733
789
  <param pos="0" name="os.product" value="FortiOS"/>
734
790
  <param pos="0" name="os.device" value="Appliance"/>
791
+ <param pos="0" name="os.cpe23" value="cpe:/o:fortinet:fortios:-"/>
735
792
  </fingerprint>
793
+
736
794
  <fingerprint pattern="^CN=CyberoamApplianceCertificate">
737
795
  <description>Cyberoam SSL VPN</description>
738
796
  <example>CN=CyberoamApplianceCertificate_C35316263111,OU=Cyberoam Appliance,O=Cyberoam,L=Ahmedabad,ST=Gujarat,C=IN</example>
@@ -743,6 +801,7 @@
743
801
  <param pos="0" name="os.vendor" value="Cyberoam"/>
744
802
  <param pos="0" name="os.device" value="VPN"/>
745
803
  </fingerprint>
804
+
746
805
  <fingerprint pattern="^CN=UBNT\-([0-9a-fA-F]{2}:[0-9a-fA-F]{2}:[0-9a-fA-F]{2}:[0-9a-fA-F]{2}:[0-9a-fA-F]{2}:[0-9a-fA-F]{2}),OU=Technical Support,O=Ubiquiti Networks Inc.,L=San Jose,ST=CA,C=US$">
747
806
  <description>Ubiquiti Wireless AP</description>
748
807
  <example host.mac="68:72:51:4B:90:16">CN=UBNT-68:72:51:4B:90:16,OU=Technical Support,O=Ubiquiti Networks Inc.,L=San Jose,ST=CA,C=US</example>
@@ -753,6 +812,7 @@
753
812
  <param pos="0" name="os.device" value="WAP"/>
754
813
  <param pos="1" name="host.mac"/>
755
814
  </fingerprint>
815
+
756
816
  <fingerprint pattern="^CN=unifi$">
757
817
  <description>Ubiquiti Controller - unifi bare</description>
758
818
  <example>CN=unifi</example>
@@ -762,6 +822,7 @@
762
822
  <param pos="0" name="os.family" value="Linux"/>
763
823
  <param pos="0" name="os.device" value="Wireless Controller"/>
764
824
  </fingerprint>
825
+
765
826
  <fingerprint pattern="^CN=UniFi,OU=UniFi,O=ubnt\.com,L=San Jose,ST=CA,C=US$">
766
827
  <description>Ubiquiti Controller - unifi</description>
767
828
  <example>CN=UniFi,OU=UniFi,O=ubnt.com,L=San Jose,ST=CA,C=US</example>
@@ -771,6 +832,7 @@
771
832
  <param pos="0" name="os.family" value="Linux"/>
772
833
  <param pos="0" name="os.device" value="Wireless Controller"/>
773
834
  </fingerprint>
835
+
774
836
  <fingerprint pattern="^CN=unifivideo-app$">
775
837
  <description>UniFi Video App</description>
776
838
  <example>CN=unifivideo-app</example>
@@ -780,6 +842,7 @@
780
842
  <param pos="0" name="hw.family" value="UniFi"/>
781
843
  <param pos="0" name="hw.device" value="Web cam"/>
782
844
  </fingerprint>
845
+
783
846
  <fingerprint pattern="^CN=camera\.ubnt\.dev,">
784
847
  <description>UniFi Video Camera</description>
785
848
  <example>CN=camera.ubnt.dev,OU=devint,O=Ubiquiti Networks Inc.,L=Taipei,C=TW</example>
@@ -790,6 +853,7 @@
790
853
  <param pos="0" name="os.family" value="Linux"/>
791
854
  <param pos="0" name="os.device" value="Web cam"/>
792
855
  </fingerprint>
856
+
793
857
  <fingerprint pattern="^CN=UBNT,OU=Technical Support,O=Ubiquiti Networks Inc\.,L=San Jose,ST=CA,C=US$">
794
858
  <description>Ubiquiti Controller</description>
795
859
  <example>CN=UBNT,OU=Technical Support,O=Ubiquiti Networks Inc.,L=San Jose,ST=CA,C=US</example>
@@ -799,6 +863,7 @@
799
863
  <param pos="0" name="os.family" value="Linux"/>
800
864
  <param pos="0" name="os.device" value="Wireless Controller"/>
801
865
  </fingerprint>
866
+
802
867
  <fingerprint pattern="^CN=CloudKey,O=Ubiquiti Networks,L=San Jose,ST=CA,C=US$">
803
868
  <description>Ubiquiti CloudKey Controller</description>
804
869
  <example>CN=CloudKey,O=Ubiquiti Networks,L=San Jose,ST=CA,C=US</example>
@@ -810,6 +875,7 @@
810
875
  <param pos="0" name="os.device" value="Wireless Controller"/>
811
876
  <param pos="0" name="os.product" value="CloudKey"/>
812
877
  </fingerprint>
878
+
813
879
  <fingerprint pattern="^CN=UBNT Router UI,O=Ubiquiti Networks,L=San Jose,ST=CA,C=US$">
814
880
  <description>Ubiquiti Router</description>
815
881
  <example>CN=UBNT Router UI,O=Ubiquiti Networks,L=San Jose,ST=CA,C=US</example>
@@ -819,6 +885,7 @@
819
885
  <param pos="0" name="os.family" value="Linux"/>
820
886
  <param pos="0" name="os.device" value="Router"/>
821
887
  </fingerprint>
888
+
822
889
  <fingerprint pattern="^CN=UniFi-Video Controller,OU=R&amp;D,O=Ubiquiti Networks,L=New York,ST=NY,C=US$">
823
890
  <description>Ubiquiti Video Controller</description>
824
891
  <example>CN=UniFi-Video Controller,OU=R&amp;D,O=Ubiquiti Networks,L=New York,ST=NY,C=US</example>
@@ -829,13 +896,15 @@
829
896
  <param pos="0" name="os.family" value="Linux"/>
830
897
  <param pos="0" name="os.device" value="DVR"/>
831
898
  </fingerprint>
899
+
832
900
  <fingerprint pattern="^CN=GreenWave Systems,OU=PKI,O=GreenWave Systems,L=Irvine,ST=California,C=US$">
833
901
  <description>Verizon / Greenwave FIOS Router</description>
834
902
  <example>CN=GreenWave Systems,OU=PKI,O=GreenWave Systems,L=Irvine,ST=California,C=US</example>
835
903
  <param pos="0" name="hw.vendor" value="Greenwave Systems"/>
836
- <param pos="0" name="hw.device" value="Broadband Router"/>
904
+ <param pos="0" name="hw.device" value="Broadband router"/>
837
905
  <param pos="0" name="hw.product" value="Verizon FiOS Router"/>
838
906
  </fingerprint>
907
+
839
908
  <fingerprint pattern="^CN=PoliWall,OU=Bandura Labs,O=Bandura\\, LLC\.,L=Lake Saint Louis,ST=Missouri,C=US$">
840
909
  <description>PoliWall Firewall Original</description>
841
910
  <example>CN=PoliWall,OU=Bandura Labs,O=Bandura\, LLC.,L=Lake Saint Louis,ST=Missouri,C=US</example>
@@ -843,6 +912,7 @@
843
912
  <param pos="0" name="hw.device" value="Firewall"/>
844
913
  <param pos="0" name="hw.product" value="PoliWall"/>
845
914
  </fingerprint>
915
+
846
916
  <fingerprint pattern="^CN=poliwall,OU=IT,O=Bandura,L=St\. Louis,ST=Missouri,C=US$">
847
917
  <description>PoliWall Firewall Newer Cert</description>
848
918
  <example>CN=poliwall,OU=IT,O=Bandura,L=St. Louis,ST=Missouri,C=US</example>
@@ -850,6 +920,7 @@
850
920
  <param pos="0" name="hw.device" value="Firewall"/>
851
921
  <param pos="0" name="hw.product" value="PoliWall"/>
852
922
  </fingerprint>
923
+
853
924
  <fingerprint pattern="^CN=pfSense-[a-zA-Z0-9]+,O=pfSense webConfigurator Self-Signed Certificate">
854
925
  <description>pfSense Firewall</description>
855
926
  <example>CN=pfSense-58fb5b0b06777,O=pfSense webConfigurator Self-Signed Certificate,L=Locality,ST=State,C=US</example>
@@ -860,6 +931,7 @@
860
931
  <param pos="0" name="os.vendor" value="pfSense"/>
861
932
  <param pos="0" name="os.product" value="FreeBSD"/>
862
933
  </fingerprint>
934
+
863
935
  <fingerprint pattern="^CN=Common Name \(eg\\, YOUR name\),OU=Organizational Unit Name \(eg\\, section\),O=CompanyName,L=Somecity,ST=Somewhere,C=US$">
864
936
  <description>pfSense Firewall Default Certificate</description>
865
937
  <example>CN=Common Name (eg\, YOUR name),OU=Organizational Unit Name (eg\, section),O=CompanyName,L=Somecity,ST=Somewhere,C=US</example>
@@ -869,6 +941,7 @@
869
941
  <param pos="0" name="os.vendor" value="pfSense"/>
870
942
  <param pos="0" name="os.product" value="FreeBSD"/>
871
943
  </fingerprint>
944
+
872
945
  <fingerprint pattern="^O=OPNsense,L=Middelharnis,ST=Zuid-Holland,C=NL$">
873
946
  <description>OPNsense Firewall</description>
874
947
  <example>O=OPNsense,L=Middelharnis,ST=Zuid-Holland,C=NL</example>
@@ -878,6 +951,7 @@
878
951
  <param pos="0" name="os.vendor" value="OPNsense"/>
879
952
  <param pos="0" name="os.product" value="FreeBSD"/>
880
953
  </fingerprint>
954
+
881
955
  <fingerprint pattern="^CN=NetVanta,O=ADTRAN\\, Inc\.,L=Huntsville,ST=AL,C=US$" certainty="0.9">
882
956
  <description>ADTRAN Netvanta Router</description>
883
957
  <example>CN=NetVanta,O=ADTRAN\, Inc.,L=Huntsville,ST=AL,C=US</example>
@@ -888,6 +962,7 @@
888
962
  <param pos="0" name="hw.vendor" value="ADTRAN"/>
889
963
  <param pos="0" name="hw.family" value="NetVanta"/>
890
964
  </fingerprint>
965
+
891
966
  <fingerprint pattern="^CN=SophosApplianceCertificate">
892
967
  <description>Sophos Appliance</description>
893
968
  <example>CN=SophosApplianceCertificate_C330AC22W713PAF,OU=OU,O=Green House Data,L=Cheyenne,ST=WY,C=US</example>
@@ -896,6 +971,7 @@
896
971
  <param pos="0" name="hw.vendor" value="Sophos"/>
897
972
  <param pos="0" name="hw.device" value="Appliance"/>
898
973
  </fingerprint>
974
+
899
975
  <fingerprint pattern="^CN=Hubitat Elevation,OU=Hub,O=Hubitat\\, Inc\.,L=Scottsdale,ST=Arizona,C=US$">
900
976
  <description>Hubitat Device Hub</description>
901
977
  <example>CN=Hubitat Elevation,OU=Hub,O=Hubitat\, Inc.,L=Scottsdale,ST=Arizona,C=US</example>
@@ -905,22 +981,25 @@
905
981
  <param pos="0" name="os.vendor" value="Hubitat"/>
906
982
  <param pos="0" name="os.product" value="Linux"/>
907
983
  </fingerprint>
984
+
908
985
  <fingerprint pattern="^CN=MAC([a-fA-F0-9]{12}),OU=([^,]+),O=Mercury Security Products\\, LLC,L=Long Beach,ST=CA,C=US$">
909
986
  <description>Mercurity Security (now HID Global)</description>
910
987
  <example hw.product="M5IC" host.mac="000FE507A1F1">CN=MAC000FE507A1F1,OU=M5IC,O=Mercury Security Products\, LLC,L=Long Beach,ST=CA,C=US</example>
911
988
  <example hw.product="EP-1502" host.mac="000FE508BC71">CN=MAC000FE508BC71,OU=EP-1502,O=Mercury Security Products\, LLC,L=Long Beach,ST=CA,C=US</example>
912
989
  <param pos="0" name="hw.vendor" value="Mercury Security"/>
913
- <param pos="0" name="hw.device" value="Access Controller"/>
990
+ <param pos="0" name="hw.device" value="Access Control"/>
914
991
  <param pos="1" name="host.mac"/>
915
992
  <param pos="2" name="hw.product"/>
916
993
  </fingerprint>
994
+
917
995
  <fingerprint pattern="^CN=Mercury Security EP-series,O=Mercury Security Corp\.,L=Long Beach,ST=CA,C=US$">
918
996
  <description>Mercurity Security (now HID Global) No MAC</description>
919
997
  <example>CN=Mercury Security EP-series,O=Mercury Security Corp.,L=Long Beach,ST=CA,C=US</example>
920
998
  <param pos="0" name="hw.vendor" value="Mercury Security"/>
921
- <param pos="0" name="hw.device" value="Access Controller"/>
999
+ <param pos="0" name="hw.device" value="Access Control"/>
922
1000
  <param pos="0" name="hw.product" value="EP-series"/>
923
1001
  </fingerprint>
1002
+
924
1003
  <fingerprint pattern="^CN=securelogin.arubanetworks.com,">
925
1004
  <description>Aruba Wireless Controller</description>
926
1005
  <example>CN=securelogin.arubanetworks.com,O=Aruba Networks,C=US</example>
@@ -929,24 +1008,27 @@
929
1008
  <param pos="0" name="hw.device" value="Wireless Controller"/>
930
1009
  <param pos="0" name="hw.product" value="Captive Portal"/>
931
1010
  </fingerprint>
1011
+
932
1012
  <fingerprint pattern="^CN=Fireware web CA,OU=Fireware,O=WatchGuard$">
933
1013
  <description>WatchGuard Firewall</description>
934
1014
  <example>CN=Fireware web CA,OU=Fireware,O=WatchGuard</example>
935
1015
  <param pos="0" name="hw.vendor" value="WatchGuard"/>
936
1016
  <param pos="0" name="hw.device" value="Firewall"/>
937
1017
  <param pos="0" name="os.vendor" value="WatchGuard"/>
938
- <param pos="0" name="os.cpe23" value="cpe:/o:watchguard:fireware:-"/>
939
1018
  <param pos="0" name="os.product" value="Fireware"/>
1019
+ <param pos="0" name="os.cpe23" value="cpe:/o:watchguard:fireware:-"/>
940
1020
  </fingerprint>
1021
+
941
1022
  <fingerprint pattern="^CN=[0-9\.]+,OU=SSL-VPN,O=SonicWALL\\, Inc\.,L=Sunnyvale,ST=CA,C=US$">
942
1023
  <description>SonicWALL Firewall</description>
943
1024
  <example>CN=192.168.200.1,OU=SSL-VPN,O=SonicWALL\, Inc.,L=Sunnyvale,ST=CA,C=US</example>
944
- <param pos="0" name="hw.vendor" value="SonicWALL"/>
1025
+ <param pos="0" name="hw.vendor" value="SonicWall"/>
945
1026
  <param pos="0" name="hw.device" value="VPN"/>
946
- <param pos="0" name="os.vendor" value="SonicWALL"/>
1027
+ <param pos="0" name="os.vendor" value="SonicWall"/>
947
1028
  <param pos="0" name="os.product" value="VPN"/>
948
1029
  <param pos="0" name="os.family" value="VPN"/>
949
1030
  </fingerprint>
1031
+
950
1032
  <fingerprint pattern="^CN=.*\.akamai\.net,O=Akamai Technologies\\, Inc\.,L=Cambridge,ST=Massachusetts,C=US$">
951
1033
  <description>Akamai Global Host</description>
952
1034
  <example>CN=a248.e.akamai.net,O=Akamai Technologies\, Inc.,L=Cambridge,ST=Massachusetts,C=US</example>
@@ -955,6 +1037,7 @@
955
1037
  <param pos="0" name="os.vendor" value="Akamai"/>
956
1038
  <param pos="0" name="os.device" value="Web proxy"/>
957
1039
  </fingerprint>
1040
+
958
1041
  <fingerprint pattern="^CN=HP_3PAR_">
959
1042
  <description>HP 3PAR</description>
960
1043
  <example>CN=HP_3PAR_1626615</example>
@@ -963,6 +1046,7 @@
963
1046
  <param pos="0" name="hw.device" value="Storage"/>
964
1047
  <param pos="0" name="hw.product" value="3PAR"/>
965
1048
  </fingerprint>
1049
+
966
1050
  <fingerprint pattern="^CN=(?:alienvault|VirtualUSMAllInOne)$">
967
1051
  <description>Alienvault OSSIM</description>
968
1052
  <example>CN=alienvault</example>
@@ -972,6 +1056,7 @@
972
1056
  <param pos="0" name="os.product" value="OSSIM"/>
973
1057
  <param pos="0" name="os.family" value="Linux"/>
974
1058
  </fingerprint>
1059
+
975
1060
  <fingerprint pattern="^CN=Canon (iR-[a-zA-Z0-9\.\-\_]+)$">
976
1061
  <description>Canon iR-ADV Printer with product info</description>
977
1062
  <example os.product="iR-ADV">CN=Canon iR-ADV</example>
@@ -982,6 +1067,7 @@
982
1067
  <param pos="1" name="hw.product"/>
983
1068
  <param pos="1" name="os.product"/>
984
1069
  </fingerprint>
1070
+
985
1071
  <fingerprint pattern="^CN=Canon Imaging Product$">
986
1072
  <description>Canon iR-ADV Printer</description>
987
1073
  <example>CN=Canon Imaging Product</example>
@@ -990,6 +1076,7 @@
990
1076
  <param pos="0" name="os.device" value="Printer"/>
991
1077
  <param pos="0" name="os.vendor" value="Canon"/>
992
1078
  </fingerprint>
1079
+
993
1080
  <fingerprint pattern="^CN=ScanFront$">
994
1081
  <description>Canon ScanFront Simple</description>
995
1082
  <example>CN=ScanFront</example>
@@ -1000,6 +1087,7 @@
1000
1087
  <param pos="0" name="os.vendor" value="Canon"/>
1001
1088
  <param pos="0" name="os.product" value="ScanFront"/>
1002
1089
  </fingerprint>
1090
+
1003
1091
  <fingerprint pattern="^CN=ScanFront,OU=IMS,O=CANON ELECTRONICS INC\.,L=Minato-ku,ST=Tokyo,C=JP$">
1004
1092
  <description>Canon ScanFront Full</description>
1005
1093
  <example>CN=ScanFront,OU=IMS,O=CANON ELECTRONICS INC.,L=Minato-ku,ST=Tokyo,C=JP</example>
@@ -1010,6 +1098,7 @@
1010
1098
  <param pos="0" name="os.vendor" value="Canon"/>
1011
1099
  <param pos="0" name="os.product" value="ScanFront"/>
1012
1100
  </fingerprint>
1101
+
1013
1102
  <fingerprint pattern="^CN=tnsappliance.*,O=Tenable Network Security\\, Inc\.,L=Columbia,ST=Maryland,C=US$">
1014
1103
  <description>Tenable Appliance</description>
1015
1104
  <example>CN=tnsappliance-b088a321,OU=--,O=Tenable Network Security\, Inc.,L=Columbia,ST=Maryland,C=US</example>
@@ -1021,6 +1110,7 @@
1021
1110
  <param pos="0" name="os.vendor" value="Tenable"/>
1022
1111
  <param pos="0" name="os.product" value="Tenable Core"/>
1023
1112
  </fingerprint>
1113
+
1024
1114
  <fingerprint pattern="^CN=extrahop,OU=extrahop\.com,O=ExtraHop,C=US$">
1025
1115
  <description>ExtraHop Appliance</description>
1026
1116
  <example>CN=extrahop,OU=extrahop.com,O=ExtraHop,C=US</example>
@@ -1031,6 +1121,7 @@
1031
1121
  <param pos="0" name="os.vendor" value="ExtraHop"/>
1032
1122
  <param pos="0" name="os.product" value="Discover"/>
1033
1123
  </fingerprint>
1124
+
1034
1125
  <fingerprint pattern="^CN=Ruckus Wireless ZoneDirector SN-(\d+),O=Ruckus Wireless\\, Inc\.,ST=CA,C=US$">
1035
1126
  <description>Ruckus Zone Director</description>
1036
1127
  <example ruckus.serial_number="221301007591">CN=Ruckus Wireless ZoneDirector SN-221301007591,O=Ruckus Wireless\, Inc.,ST=CA,C=US</example>
@@ -1042,6 +1133,7 @@
1042
1133
  <param pos="0" name="os.product" value="Zone Director"/>
1043
1134
  <param pos="1" name="ruckus.serial_number"/>
1044
1135
  </fingerprint>
1136
+
1045
1137
  <fingerprint pattern="^CN=DT([^\s]+) Series,O=NEC Corporation,ST=Tokyo,C=JP$">
1046
1138
  <description>NEC DT Series IP Phone</description>
1047
1139
  <example>CN=DT800 Series,O=NEC Corporation,ST=Tokyo,C=JP</example>
@@ -1051,6 +1143,7 @@
1051
1143
  <param pos="0" name="hw.device" value="VoIP"/>
1052
1144
  <param pos="1" name="hw.product"/>
1053
1145
  </fingerprint>
1146
+
1054
1147
  <fingerprint pattern="^CN=([a-fA-F0-9]{12}),O=Polycom Inc\.$">
1055
1148
  <description>Polycom SoundPoint IP Phone</description>
1056
1149
  <example host.mac="64167F169981">CN=64167F169981,O=Polycom Inc.</example>
@@ -1061,6 +1154,7 @@
1061
1154
  <param pos="0" name="hw.product" value="SoundPoint"/>
1062
1155
  <param pos="1" name="host.mac"/>
1063
1156
  </fingerprint>
1157
+
1064
1158
  <fingerprint pattern="^CN=EN Software Production &amp; Release,OU=Enterprise Networks,O=Siemens AG,L=Munich,ST=Germany,C=DE$">
1065
1159
  <description>Siemens EN Software</description>
1066
1160
  <example>CN=EN Software Production &amp; Release,OU=Enterprise Networks,O=Siemens AG,L=Munich,ST=Germany,C=DE</example>
@@ -1069,6 +1163,7 @@
1069
1163
  <param pos="0" name="hw.vendor" value="Siemens"/>
1070
1164
  <param pos="0" name="hw.device" value="VoIP"/>
1071
1165
  </fingerprint>
1166
+
1072
1167
  <fingerprint pattern="^CN=SecureConnect server,O=Quest,ST=CA,C=US$">
1073
1168
  <description>SecureConnect SSL VPN</description>
1074
1169
  <example>CN=SecureConnect server,O=Quest,ST=CA,C=US</example>
@@ -1077,6 +1172,7 @@
1077
1172
  <param pos="0" name="os.vendor" value="SecureConnect"/>
1078
1173
  <param pos="0" name="os.device" value="VPN"/>
1079
1174
  </fingerprint>
1175
+
1080
1176
  <fingerprint pattern="^CN=RecoverPoint,OU=Data Protection and Availability Division,O=EMC Corporation,L=Hopkinton,ST=Massachusetts,C=US$">
1081
1177
  <description>RecoverPoint Appliance</description>
1082
1178
  <example>CN=RecoverPoint,OU=Data Protection and Availability Division,O=EMC Corporation,L=Hopkinton,ST=Massachusetts,C=US</example>
@@ -1087,6 +1183,7 @@
1087
1183
  <param pos="0" name="os.vendor" value="EMC"/>
1088
1184
  <param pos="0" name="os.product" value="RecoverPoint"/>
1089
1185
  </fingerprint>
1186
+
1090
1187
  <fingerprint pattern="^CN=[a-fA-F0-9]+,O=Palo Alto Networks,L=Santa Clara,ST=CA,C=US$">
1091
1188
  <description>Palo Alto Firewall</description>
1092
1189
  <example>CN=d9fc2294968367a3a8ad1acd4c816c78444e6ea4d69869b40cc9751951fd3693,O=Palo Alto Networks,L=Santa Clara,ST=CA,C=US</example>
@@ -1096,12 +1193,14 @@
1096
1193
  <param pos="0" name="os.product" value="PANOS"/>
1097
1194
  <param pos="0" name="os.device" value="Firewall"/>
1098
1195
  </fingerprint>
1196
+
1099
1197
  <fingerprint pattern="^CN=VMware default certificate,OU=vCenterServer.*,O=VMware\\, Inc\.$">
1100
1198
  <description>VMWare vCenter</description>
1101
1199
  <example>CN=VMware default certificate,OU=vCenterServer_2013.09.26_220623,O=VMware\, Inc.</example>
1102
- <param pos="0" name="service.vendor" value="VMWare"/>
1200
+ <param pos="0" name="service.vendor" value="VMware"/>
1103
1201
  <param pos="0" name="service.product" value="vCenter"/>
1104
1202
  </fingerprint>
1203
+
1105
1204
  <fingerprint pattern="^CN=selfappliance,OU=Engineering,O=Symplified,L=Boulder,ST=Colorado,C=US$">
1106
1205
  <description>Symplified IAM Appliance (now RSA)</description>
1107
1206
  <example>CN=selfappliance,OU=Engineering,O=Symplified,L=Boulder,ST=Colorado,C=US</example>
@@ -1109,12 +1208,14 @@
1109
1208
  <param pos="0" name="hw.device" value="Appliance"/>
1110
1209
  <param pos="0" name="hw.product" value="IAM"/>
1111
1210
  </fingerprint>
1211
+
1112
1212
  <fingerprint pattern="^CN=OpenWrt,L=Leipzig,ST=Saxony,C=DE$">
1113
1213
  <description>OpenWRT WAP</description>
1114
1214
  <example>CN=OpenWrt,L=Leipzig,ST=Saxony,C=DE</example>
1115
1215
  <param pos="0" name="os.vendor" value="OpenWRT"/>
1116
1216
  <param pos="0" name="os.device" value="WAP"/>
1117
1217
  </fingerprint>
1218
+
1118
1219
  <fingerprint pattern="^CN=axis-([a-fA-F0-9]{12}),O=Axis Communications AB$">
1119
1220
  <description>Axis Communications Web Cam</description>
1120
1221
  <example host.mac="accc8ea31abf">CN=axis-accc8ea31abf,O=Axis Communications AB</example>
@@ -1125,6 +1226,7 @@
1125
1226
  <param pos="0" name="os.family" value="Linux"/>
1126
1227
  <param pos="1" name="host.mac"/>
1127
1228
  </fingerprint>
1229
+
1128
1230
  <fingerprint pattern="^CN=([^,]+),OU=Nortek,O=ELAN,L=StuddardMD,ST=[^,]+,C=US$">
1129
1231
  <description>ELAN Web Cam</description>
1130
1232
  <example host.name="ServerRoom">CN=ServerRoom,OU=Nortek,O=ELAN,L=StuddardMD,ST=10000,C=US</example>
@@ -1136,6 +1238,7 @@
1136
1238
  <param pos="0" name="os.family" value="Linux"/>
1137
1239
  <param pos="1" name="host.name"/>
1138
1240
  </fingerprint>
1241
+
1139
1242
  <fingerprint pattern="^CN=Dell_OpenManage.*,OU=PG,O=Dell Inc\.,ST=Texas,C=US$">
1140
1243
  <description>Dell OpenManage</description>
1141
1244
  <example>CN=Dell_OpenManage01,OU=PG,O=Dell Inc.,ST=Texas,C=US</example>
@@ -1146,6 +1249,7 @@
1146
1249
  <param pos="0" name="os.device" value="Appliance"/>
1147
1250
  <param pos="0" name="os.family" value="Linux"/>
1148
1251
  </fingerprint>
1252
+
1149
1253
  <fingerprint pattern="^CN=Equallogic PS Array,OU=Dell Equallogic,O=Dell Inc\.,L=Nashua,ST=New Hampshire,C=US$">
1150
1254
  <description>Dell EqualLogic PS Array</description>
1151
1255
  <example>CN=Equallogic PS Array,OU=Dell Equallogic,O=Dell Inc.,L=Nashua,ST=New Hampshire,C=US</example>
@@ -1156,6 +1260,7 @@
1156
1260
  <param pos="0" name="os.device" value="Storage"/>
1157
1261
  <param pos="0" name="os.product" value="EqualLogic"/>
1158
1262
  </fingerprint>
1263
+
1159
1264
  <fingerprint pattern="^CN=opennac\.test,L=Madrid,ST=Madrid,C=ES$">
1160
1265
  <description>OpenNAC Appliance</description>
1161
1266
  <example>CN=opennac.test,L=Madrid,ST=Madrid,C=ES</example>
@@ -1166,6 +1271,7 @@
1166
1271
  <param pos="0" name="os.family" value="Linux"/>
1167
1272
  <param pos="0" name="os.product" value="Linux"/>
1168
1273
  </fingerprint>
1274
+
1169
1275
  <fingerprint pattern="^CN=SmartEdge Sensor,O=AirMagnet,L=Sunnyvale,ST=California,C=US$">
1170
1276
  <description>AirMagnet SmartEdge Sensor</description>
1171
1277
  <example>CN=SmartEdge Sensor,O=AirMagnet,L=Sunnyvale,ST=California,C=US</example>
@@ -1173,6 +1279,7 @@
1173
1279
  <param pos="0" name="hw.device" value="Wireless Controller"/>
1174
1280
  <param pos="0" name="hw.product" value="SmartEdge Sensor"/>
1175
1281
  </fingerprint>
1282
+
1176
1283
  <fingerprint pattern="^CN=Sensor WebUI,O=AirDefense Inc.,L=Alpharetta,ST=GA,C=US$">
1177
1284
  <description>AirDefense Inc Sensor</description>
1178
1285
  <example>CN=Sensor WebUI,O=AirDefense Inc.,L=Alpharetta,ST=GA,C=US</example>
@@ -1180,6 +1287,7 @@
1180
1287
  <param pos="0" name="hw.device" value="Wireless Controller"/>
1181
1288
  <param pos="0" name="hw.product" value="Sensor"/>
1182
1289
  </fingerprint>
1290
+
1183
1291
  <fingerprint pattern="^CN=HiveAP,OU=Default,O=Aerohive,ST=California,C=US$">
1184
1292
  <description>Aerohive Access Point</description>
1185
1293
  <example>CN=HiveAP,OU=Default,O=Aerohive,ST=California,C=US</example>
@@ -1190,16 +1298,18 @@
1190
1298
  <param pos="0" name="os.family" value="Linux"/>
1191
1299
  <param pos="0" name="os.product" value="Linux"/>
1192
1300
  </fingerprint>
1301
+
1193
1302
  <fingerprint pattern="^CN=(usg[^_]+)_([a-fA-F0-9]{12})$">
1194
1303
  <description>ZyWall Router</description>
1195
1304
  <example hw.product="usg20w" host.mac="5CF4AB615FAC">CN=usg20w_5CF4AB615FAC</example>
1196
1305
  <example hw.product="usg20w" host.mac="5067F0BC1D3C">CN=usg20w_5067F0BC1D3C</example>
1197
1306
  <example hw.product="usg20" host.mac="107BEF0AD201">CN=usg20_107BEF0AD201</example>
1198
- <param pos="0" name="hw.vendor" value="ZyWall"/>
1199
- <param pos="0" name="hw.device" value="Broadband Router"/>
1307
+ <param pos="0" name="hw.vendor" value="Zyxel"/>
1308
+ <param pos="0" name="hw.device" value="Broadband router"/>
1200
1309
  <param pos="1" name="hw.product"/>
1201
1310
  <param pos="2" name="host.mac"/>
1202
1311
  </fingerprint>
1312
+
1203
1313
  <fingerprint pattern="^CN=([a-fA-F0-9]{16}),O=Philips Hue,C=NL$">
1204
1314
  <description>Philips Hue Personal Wireless Lighting</description>
1205
1315
  <example host.mac_eui64="001788fffe4f1999">CN=001788fffe4f1999,O=Philips Hue,C=NL</example>
@@ -1208,6 +1318,7 @@
1208
1318
  <param pos="0" name="hw.device" value="Light Bulb"/>
1209
1319
  <param pos="1" name="host.mac_eui64"/>
1210
1320
  </fingerprint>
1321
+
1211
1322
  <fingerprint pattern="^CN=www\.ibm\.com,OU=IBM i Service,L=Rochester,ST=Minnesota,C=US$">
1212
1323
  <description>IBM iSeries Service Console</description>
1213
1324
  <example>CN=www.ibm.com,OU=IBM i Service,L=Rochester,ST=Minnesota,C=US</example>
@@ -1216,6 +1327,7 @@
1216
1327
  <param pos="0" name="os.product" value="OS/400"/>
1217
1328
  <param pos="0" name="os.cpe23" value="cpe:/o:ibm:os_400:-"/>
1218
1329
  </fingerprint>
1330
+
1219
1331
  <fingerprint pattern="^CN=.*\.ip\.kaptivo\.live,">
1220
1332
  <description>Kaptivo Whiteboard</description>
1221
1333
  <example>CN=*.ip.kaptivo.live,OU=Domain Control Validated+OU=PositiveSSL Wildcard</example>
@@ -1223,6 +1335,7 @@
1223
1335
  <param pos="0" name="hw.product" value="Whiteboard"/>
1224
1336
  <param pos="0" name="hw.device" value="Whiteboard"/>
1225
1337
  </fingerprint>
1338
+
1226
1339
  <fingerprint pattern="^CN=.*,OU=Network Security Management,O=FireEye\\, Inc\.,L=Milpitas,ST=California,C=US$">
1227
1340
  <description>FireEye Appliance</description>
1228
1341
  <example>CN=noc-feye-ex2,OU=Network Security Management,O=FireEye\, Inc.,L=Milpitas,ST=California,C=US</example>
@@ -1230,6 +1343,7 @@
1230
1343
  <param pos="0" name="hw.product" value="Appliance"/>
1231
1344
  <param pos="0" name="hw.device" value="Security Appliance"/>
1232
1345
  </fingerprint>
1346
+
1233
1347
  <fingerprint pattern="^CN=.*,OU=IA,O=FireEye,L=Charlottesville,ST=Virginia,C=US$">
1234
1348
  <description>FireEye Investigation Analysis System Appliance</description>
1235
1349
  <example>CN=noc-feye-ia2,OU=IA,O=FireEye,L=Charlottesville,ST=Virginia,C=US</example>
@@ -1237,6 +1351,7 @@
1237
1351
  <param pos="0" name="hw.product" value="IA Appliance"/>
1238
1352
  <param pos="0" name="hw.device" value="Security Appliance"/>
1239
1353
  </fingerprint>
1354
+
1240
1355
  <fingerprint pattern="^CN=.*,OU=Gigamon Network Visibility Systems,O=Gigamon Inc\.,L=Santa Clara,ST=California,C=US$">
1241
1356
  <description>Gigamon GigaVUE Appliance</description>
1242
1357
  <example>CN=gvue01,OU=Gigamon Network Visibility Systems,O=Gigamon Inc.,L=Santa Clara,ST=California,C=US</example>
@@ -1244,6 +1359,7 @@
1244
1359
  <param pos="0" name="hw.device" value="Monitoring"/>
1245
1360
  <param pos="0" name="hw.product" value="GigaVUE"/>
1246
1361
  </fingerprint>
1362
+
1247
1363
  <fingerprint pattern="^CN=.*,OU=Telliris,O=DAC Systems,L=Shelton,ST=Connecticut,C=US$">
1248
1364
  <description>Telliris IVR</description>
1249
1365
  <example>CN=Telliris-IVR,OU=Telliris,O=DAC Systems,L=Shelton,ST=Connecticut,C=US</example>
@@ -1251,13 +1367,15 @@
1251
1367
  <param pos="0" name="hw.device" value="Voice Appliance"/>
1252
1368
  <param pos="0" name="hw.product" value="IVR"/>
1253
1369
  </fingerprint>
1254
- <fingerprint pattern="^CN=SLS,O=Lantronix,L=Irvine,ST=California,C=US$">
1370
+
1371
+ <fingerprint pattern="^CN=SLS,O=Lantronix,L=Irvine,ST=California,C=US$">
1255
1372
  <description>Lantronix SLS terminal server</description>
1256
1373
  <example>CN=SLS,O=Lantronix,L=Irvine,ST=California,C=US</example>
1257
1374
  <param pos="0" name="hw.vendor" value="Lantronix"/>
1258
1375
  <param pos="0" name="hw.device" value="Device Server"/>
1259
1376
  <param pos="0" name="hw.product" value="SLS"/>
1260
1377
  </fingerprint>
1378
+
1261
1379
  <fingerprint pattern="^CN=Tintri Default Certificate,OU=Tintri Server Certificate,O=Tintri\\, Inc\.,L=Mountain View,ST=CA,C=US$">
1262
1380
  <description>Tintri Storage Appliance</description>
1263
1381
  <example>CN=Tintri Default Certificate,OU=Tintri Server Certificate,O=Tintri\, Inc.,L=Mountain View,ST=CA,C=US</example>
@@ -1265,4 +1383,48 @@
1265
1383
  <param pos="0" name="hw.device" value="NAS"/>
1266
1384
  <param pos="0" name="hw.product" value="Storage Appliance"/>
1267
1385
  </fingerprint>
1268
- </fingerprints>
1386
+
1387
+ <fingerprint pattern="^CN=axonius,O=Axonius\\, Inc,L=New York City,ST=New York,C=US$">
1388
+ <description>Axonius Appliance</description>
1389
+ <example>CN=axonius,O=Axonius\, Inc,L=New York City,ST=New York,C=US</example>
1390
+ <param pos="0" name="hw.vendor" value="Axonius"/>
1391
+ <param pos="0" name="hw.device" value="Security Appliance"/>
1392
+ <param pos="0" name="hw.product" value="Asset Management"/>
1393
+ </fingerprint>
1394
+
1395
+ <fingerprint pattern="^CN=AVIGILON-CAMERA-([a-zA-Z0-9\.\-]+)-\d+,OU=Certification Manager,O=Avigilon Corporation,L=Vancouver,ST=British Columbia,C=CA$">
1396
+ <description>Avigilon IP Camera</description>
1397
+ <example hw.product="5.0-H3-DP1">CN=AVIGILON-CAMERA-5.0-H3-DP1-1242900,OU=Certification Manager,O=Avigilon Corporation,L=Vancouver,ST=British Columbia,C=CA</example>
1398
+ <param pos="0" name="hw.vendor" value="Avigilon"/>
1399
+ <param pos="0" name="hw.device" value="IP Camera"/>
1400
+ <param pos="1" name="hw.product"/>
1401
+ <param pos="0" name="os.vendor" value="Avigilon"/>
1402
+ <param pos="0" name="os.family" value="Linux"/>
1403
+ <param pos="0" name="os.product" value="Linux"/>
1404
+ </fingerprint>
1405
+
1406
+ <fingerprint pattern="^CN=TCAM,OU=Security,O=Truen,L=Seoul,ST=Seoul,C=KR$">
1407
+ <description>Truen IP Camera (Often Rebranded)</description>
1408
+ <example>CN=TCAM,OU=Security,O=Truen,L=Seoul,ST=Seoul,C=KR</example>
1409
+ <param pos="0" name="hw.certainty" value="0.5"/>
1410
+ <param pos="0" name="hw.vendor" value="Truen"/>
1411
+ <param pos="0" name="hw.device" value="IP Camera"/>
1412
+ <param pos="0" name="os.certainty" value="0.5"/>
1413
+ <param pos="0" name="os.vendor" value="Truen"/>
1414
+ <param pos="0" name="os.family" value="Linux"/>
1415
+ <param pos="0" name="os.product" value="Linux"/>
1416
+ </fingerprint>
1417
+
1418
+ <fingerprint pattern="^CN=device.wilibox.com,OU=R&amp;D,O=WILIBOX UAB,L=Kaunas,ST=-,C=LT$">
1419
+ <description>LigoWave Outdoor AP</description>
1420
+ <example>CN=device.wilibox.com,OU=R&amp;D,O=WILIBOX UAB,L=Kaunas,ST=-,C=LT</example>
1421
+ <param pos="0" name="hw.certainty" value="0.50"/>
1422
+ <param pos="0" name="hw.vendor" value="LigoWave"/>
1423
+ <param pos="0" name="hw.device" value="WAP"/>
1424
+ <param pos="0" name="os.certainty" value="0.5"/>
1425
+ <param pos="0" name="os.vendor" value="LigoWave"/>
1426
+ <param pos="0" name="os.family" value="Linux"/>
1427
+ <param pos="0" name="os.product" value="Linux"/>
1428
+ </fingerprint>
1429
+
1430
+ </fingerprints>