recog 2.3.19 → 2.3.20

data/xml/http_wwwauth.xml

@@ -192,10 +192,20 @@
     <param pos="0" name="service.family" value="GoAhead Webserver"/>
   </fingerprint>
 
+  <fingerprint pattern="^(?:Basic|Digest) realm=&quot;Logitech Media Server&quot;.*$">
+    <description>Logitech Media server</description>
+    <example>Basic realm="Logitech Media Server"</example>
+    <param pos="0" name="service.vendor" value="Logitech"/>
+    <param pos="0" name="service.product" value="Squeezebox"/>
+  </fingerprint>
+
   <fingerprint pattern="^(?:Basic|Digest) realm=&quot;kubernetes-master&quot;.*$">
     <description>Kubernetes master nodes</description>
     <example>Basic realm="kubernetes-master"</example>
     <param pos="0" name="service.vendor" value="Kubernetes"/>
+    <param pos="0" name="service.family" value="Kubernetes"/>
+    <param pos="0" name="service.product" value="Kubernetes"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:kubernetes:kubernetes:-"/>
   </fingerprint>
 
   <fingerprint pattern="(?i)^(?:Basic|Digest) realm=&quot;RUIJIE(?:-CPE)?&quot;.*$">
@@ -326,29 +336,35 @@
 
   <fingerprint pattern="^(?:Basic|Digest) realm=&quot;(TD-[VW8][A-Z0-9]+)(?:| \d+\.\d+)&quot;$">
     <description>TP-LINK SoHo Router - dash variant</description>
-    <example>Basic realm="TD-W8901G"</example>
+    <example os.product="TD-W8901G">Basic realm="TD-W8901G"</example>
     <example>Basic realm="TD-8840T 2.0"</example>
-    <example>Basic realm="TD-8811"</example>
+    <example hw.product="TD-8811">Basic realm="TD-8811"</example>
     <param pos="0" name="os.vendor" value="TP-LINK"/>
     <param pos="0" name="os.device" value="Router"/>
     <param pos="1" name="os.product"/>
+    <param pos="0" name="hw.vendor" value="TP-LINK"/>
+    <param pos="0" name="hw.device" value="Router"/>
+    <param pos="1" name="hw.product"/>
   </fingerprint>
 
   <fingerprint pattern="^(?:Basic|Digest) realm=&quot;(TD8[A-Z0-9]+)&quot;$">
     <description>TP-LINK SoHo Router</description>
-    <example>Basic realm="TD854W"</example>
-    <example>Basic realm="TD811"</example>
+    <example os.product="TD854W">Basic realm="TD854W"</example>
+    <example hw.product="TD811">Basic realm="TD811"</example>
     <example>Basic realm="TD821"</example>
     <example>Basic realm="TD841"</example>
     <param pos="0" name="os.vendor" value="TP-LINK"/>
     <param pos="0" name="os.device" value="Router"/>
     <param pos="1" name="os.product"/>
+    <param pos="0" name="hw.vendor" value="TP-LINK"/>
+    <param pos="0" name="hw.device" value="Router"/>
+    <param pos="1" name="hw.product"/>
   </fingerprint>
 
   <fingerprint pattern="^(?:Basic|Digest) realm=&quot;TP-LINK.*(?:Access Point|Extender|AP) ([A-Z0-9\-\+]+)&quot;.*$">
     <description>TP-LINK SoHo Router - verbose variant</description>
-    <example>Basic realm="TP-LINK Wireless N Access Point WA801N"</example>
-    <example>Basic realm="TP-LINK Wireless Range Extender WA830RE"</example>
+    <example os.product="WA801N">Basic realm="TP-LINK Wireless N Access Point WA801N"</example>
+    <example hw.product="WA830RE">Basic realm="TP-LINK Wireless Range Extender WA830RE"</example>
     <example>Basic realm="TP-LINK Wireless Range Extender WA850RE"</example>
     <example>Basic realm="TP-LINK Wireless AP WA501G"</example>
     <example>Basic realm="TP-LINK Wireless N Access Point WA701ND"</example>
@@ -366,6 +382,9 @@
     <param pos="0" name="os.vendor" value="TP-LINK"/>
     <param pos="0" name="os.device" value="WAP"/>
     <param pos="1" name="os.product"/>
+    <param pos="0" name="hw.vendor" value="TP-LINK"/>
+    <param pos="0" name="hw.device" value="WAP"/>
+    <param pos="1" name="hw.product"/>
   </fingerprint>
 
   <fingerprint pattern="(?i)^(?:Basic|Digest).*realm=&quot;TP-LINK (.*Router.*)&quot;.*$">

data/xml/ldap_searchresult.xml

@@ -365,6 +365,7 @@
     </example>
     <param pos="0" name="service.vendor" value="Kerio"/>
     <param pos="0" name="service.product" value="Connect"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:kerio:connect:-"/>
   </fingerprint>
 
   <fingerprint pattern="(?im:vmwPlatformServicesControllerVersion1.\x04.(\d\.\d\.\d)0.)">

data/xml/ntp_banners.xml

@@ -362,6 +362,7 @@
     <param pos="0" name="os.product" value="NetScaler"/>
     <param pos="3" name="os.arch"/>
     <param pos="4" name="os.version"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:citrix:netscaler_firmware:{os.version}"/>
   </fingerprint>
 
   <fingerprint pattern="^.*version=&quot;ntpd ([^ ]+)[^&quot;]+&quot;,.*processor=&quot;([^ ]+)&quot;,.*system=&quot;FreeBSD/?([^ ]+)&quot;" flags="REG_DOT_NEWLINE,REG_ICASE">
@@ -927,6 +928,11 @@
     <param pos="0" name="os.cpe23" value="cpe:/o:hp:hp-ux:{os.version}"/>
   </fingerprint>
 
+  <!--
+    This may need to be split into ESX and ESXi. ESXi started w/ version 4.1 and
+    all versions 5.x were ESXi only.
+    -->
+
   <fingerprint pattern="^.*version=&quot;ntpd ([^ ]+)[^&quot;]+&quot;,.*processor=&quot;([^ ]+)&quot;,.*system=&quot;VMkernel/?([^ ]+)?&quot;" flags="REG_DOT_NEWLINE,REG_ICASE">
     <description>ntpd running on VMware ESXi</description>
     <example>
@@ -1032,7 +1038,7 @@
     <param pos="0" name="os.family" value="Data ONTAP"/>
     <param pos="0" name="os.product" value="Data ONTAP"/>
     <param pos="1" name="os.version"/>
-    <param pos="0" name="ow.device" value="NAS"/>
+    <param pos="0" name="os.device" value="NAS"/>
     <param pos="0" name="os.cpe23" value="cpe:/o:netapp:data_ontap:{os.version}"/>
     <param pos="0" name="hw.vendor" value="NetApp"/>
     <param pos="0" name="hw.device" value="NAS"/>

data/xml/sip_banners.xml

@@ -103,6 +103,7 @@
     <param pos="0" name="hw.vendor" value="Cisco"/>
     <param pos="0" name="hw.product" value="SPA112"/>
     <param pos="0" name="hw.device" value="VoIP"/>
+    <param pos="0" name="hw.cpe23" value="cpe:/h:cisco:spa112:-"/>
   </fingerprint>
 
   <fingerprint pattern="(?:Cisco|Linksys)/(SPA\d+[DG]?\d?)-([\d\.a-zA-Z]+)">
@@ -291,6 +292,7 @@
     <param pos="0" name="hw.product" value="UCM6204"/>
     <param pos="1" name="hw.version"/>
     <param pos="0" name="hw.device" value="SIP Gateway"/>
+    <param pos="0" name="hw.cpe23" value="cpe:/h:grandstream:ucm6204:{hw.version}"/>
   </fingerprint>
 
   <fingerprint pattern="^Grandstream UCM6202V(\d\.\d\w) ([\d.]+)$">

data/xml/sip_user_agents.xml

@@ -408,6 +408,7 @@
     <param pos="0" name="hw.vendor" value="Grandstream"/>
     <param pos="0" name="hw.product" value="HT802"/>
     <param pos="0" name="hw.device" value="SIP Gateway"/>
+    <param pos="0" name="hw.cpe23" value="cpe:/h:grandstream:ht802:-"/>
   </fingerprint>
 
   <fingerprint pattern="^Grandstream HT801 ([\d.]+)$">

data/xml/smtp_banners.xml

@@ -333,17 +333,20 @@
     <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
   </fingerprint>
 
-  <fingerprint pattern="^ESMTP Exim$">
-    <description>Exim - without version string or hostname</description>
+  <fingerprint pattern="^ESMTP Exim ?((?:\w\w\w, \d+ \w\w\w \d\d\d\d [\d:]+ [-+]\d{3,4})?)$">
+    <description>Exim - without version string or hostname - timestamp optional</description>
     <example>ESMTP Exim</example>
+    <example system.time="Thu, 29 Apr 2021 06:46:16 +0200">ESMTP Exim Thu, 29 Apr 2021 06:46:16 +0200</example>
     <param pos="0" name="service.vendor" value="exim"/>
     <param pos="0" name="service.family" value="exim"/>
     <param pos="0" name="service.product" value="exim"/>
     <param pos="0" name="service.cpe23" value="cpe:/a:exim:exim:-"/>
+    <param pos="1" name="system.time"/>
   </fingerprint>
 
-  <fingerprint pattern="^ ?([^, ]+)(?:,)? ESMTP \(?(?i:Exim) +(\d+\.[\d_.bRC-]+)\)?(?: +#\d)? ?.?((?:\w\w\w, \d+ \w\w\w \d\d\d\d [\d:]+ [-+]\d\d\d\d)?) *(?:We do not authorize the use of this system to transport unsolicited, and\/or bulk e-mail.)?$">
+  <fingerprint pattern="^ ?([^, ]+)(?:,)? +ESMTP \(?(?i:Exim) +(\d+\.[\d_.bdRC-]+)\)?(?: +#\d+)? ?.?((?:\w\w\w, \d+ \w\w\w \d\d\d\d [\d:]+ [-+]\d{3,4})?) *(?:We do not authorize the use of this system to transport unsolicited, and\/or bulk e-mail.)?$">
     <description>Exim - with version string and optional timestamp</description>
+    <example service.version="4.91" host.name="foo.bar">foo.bar  ESMTP Exim 4.91 Thu, 29 Apr 2021 05:41:36 +400</example>
     <example service.version="4.89" host.name="foo.bar">foo.bar ESMTP Exim 4.89 "</example>
     <example service.version="4.83" host.name="foo.bar">foo.bar, ESMTP EXIM 4.83</example>
     <example service.version="4.84_2" host.name="foo.bar">foo.bar ESMTP Exim 4.84_2 </example>
@@ -352,7 +355,7 @@
     <example service.version="4.89-122312">foo.bar ESMTP Exim 4.89-122312 Thu, 16 Nov 2017 10:33:38 +0200 </example>
     <example service.version="4.87">foo.bar ESMTP (Exim 4.87) Thu, 30 Nov 2017 03:25:58 -0800 </example>
     <example service.version="4.80" system.time="Thu, 16 Nov 2017 01:04:30 -0800">foo.bar ESMTP Exim 4.80 Thu, 16 Nov 2017 01:04:30 -0800 </example>
-    <example service.version="3.12" system.time="Wed, 31 Jan 2001 15:47:23 +1100">foo.bar ESMTP Exim 3.12 #1 Wed, 31 Jan 2001 15:47:23 +1100 </example>
+    <example service.version="4.92.2" system.time="Thu, 29 Apr 2021 07:43:39 +0200">foo.bar ESMTP Exim 4.92.2 #89 Thu, 29 Apr 2021 07:43:39 +0200 </example>
     <example service.version="4.89" host.name="foo.bar"> foo.bar ESMTP Exim 4.89 #1 Thu, 16 Nov 2017 04:55:31 -0500 We do not authorize the use of this system to transport unsolicited, and/or bulk e-mail.</example>
     <param pos="0" name="service.vendor" value="exim"/>
     <param pos="0" name="service.family" value="exim"/>
@@ -432,6 +435,16 @@
     <param pos="1" name="host.name"/>
   </fingerprint>
 
+  <fingerprint pattern="^([\w.-]+) ESMTP \([a-z0-9]{32}\)$">
+    <description>Barracuda Email Security Gateway - physical or virtual appliance</description>
+    <example host.name="barracuda.foo.bar">barracuda.foo.bar ESMTP (0a8d40ef45300cc1bd0f16ced5c9e6f1)</example>
+    <param pos="0" name="service.vendor" value="Barracuda"/>
+    <param pos="0" name="service.product" value="Email Security Gateway"/>
+    <param pos="0" name="hw.vendor" value="Barracuda"/>
+    <param pos="0" name="hw.product" value="Email Security Gateway"/>
+    <param pos="1" name="host.name"/>
+  </fingerprint>
+
   <fingerprint pattern="^([^ ]+) FTGate server ready .*$">
     <description>FTGate mail server, runs on Windows 9x/NT/2k (http://www.ftgate.com)</description>
     <example host.name="foo.bar">foo.bar FTGate server ready -attitude [C.o.r.E]</example>
@@ -824,6 +837,7 @@
     <param pos="0" name="service.family" value="Lotus Domino"/>
     <param pos="0" name="service.product" value="Lotus Domino"/>
     <param pos="0" name="service.version" value="4"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:ibm:lotus_domino:4"/>
     <param pos="1" name="host.name"/>
   </fingerprint>
 
@@ -875,6 +889,7 @@
     <param pos="0" name="service.vendor" value="Lotus"/>
     <param pos="0" name="service.family" value="Lotus Domino"/>
     <param pos="0" name="service.product" value="Lotus Domino"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:ibm:lotus_domino:-"/>
     <param pos="1" name="host.name"/>
     <param pos="2" name="notes.build.version"/>
     <param pos="3" name="system.time"/>
@@ -886,6 +901,7 @@
     <param pos="0" name="service.vendor" value="Lotus"/>
     <param pos="0" name="service.family" value="Lotus Domino"/>
     <param pos="0" name="service.product" value="Lotus Domino"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:ibm:lotus_domino:-"/>
     <param pos="0" name="system.time.format" value="EEE, d MMM yyyy HH:mm:ss Z"/>
     <param pos="1" name="host.name"/>
     <param pos="2" name="system.time"/>
@@ -1325,6 +1341,25 @@
     <param pos="4" name="system.time"/>
   </fingerprint>
 
+  <fingerprint pattern="^([^ ]+) ESMTP Sendmail ([^/]+)/([^/]+)/Debian-\d\+deb9u1; (.+); .*$">
+    <description>Sendmail - Debian 9.1 (stretch)</description>
+    <example service.version="8.15.2">foo.bar ESMTP Sendmail 8.15.2/8.15.2/Debian-8+deb9u1; Thu, 29 Apr 2021 06:45:02 +0200; (No UCE/UBE) logging access from: xyz.foo.bar(OK)-xyz.foo.bar [10.0.0.1]</example>
+    <param pos="0" name="service.vendor" value="Sendmail"/>
+    <param pos="0" name="service.family" value="Sendmail"/>
+    <param pos="0" name="service.product" value="Sendmail"/>
+    <param pos="0" name="os.vendor" value="Debian"/>
+    <param pos="0" name="os.family" value="Linux"/>
+    <param pos="0" name="os.product" value="Linux"/>
+    <param pos="0" name="os.version" value="9.1"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:debian:debian_linux:9.1"/>
+    <param pos="0" name="system.time.format" value="EEE, d MMM yyyy HH:mm:ss Z"/>
+    <param pos="1" name="host.name"/>
+    <param pos="2" name="service.version"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:sendmail:sendmail:{service.version}"/>
+    <param pos="3" name="sendmail.config.version"/>
+    <param pos="4" name="system.time"/>
+  </fingerprint>
+
   <fingerprint pattern="^([^ ]+) ESMTP Sendmail ([^/]+)/([^/]+)/Debian-\d\+lenny\d; (.+); .*$">
     <description>Sendmail - Debian 5.x (lenny)</description>
     <example service.version="8.14.3">foo.bar ESMTP Sendmail 8.14.3/8.14.3/Debian-5+lenny1; Thu, 30 Nov 2017 12:29:40 +0300; (No UCE/UBE) logging access from: xyz.foo.bar(OK)-xyz.foo.bar [10.0.0.1]</example>
@@ -1563,9 +1598,10 @@
     <param pos="0" name="system.time.format" value="EEE, d MMM yyyy HH:mm:ss Z"/>
   </fingerprint>
 
-  <fingerprint pattern="^ESMTP Sendmail +([^/ ]+) */ *([^/ ]+); (\w\w\w, \d+ \w\w\w \d\d\d\d [\d:]+ [-+]\d\d\d\d)$">
+  <fingerprint pattern="^\s?ESMTP Sendmail +([^/ ]+) */ *([^/ ]+); (\w\w\w, \d+ \w\w\w \d\d\d\d [\d:]+ [-+]\d\d\d\d)$">
     <description>Sendmail - with version and date, w/o hostname or platform (semicolon variant)</description>
     <example service.version="8.13.1" sendmail.config.version="8.13.1" system.time="Thu, 30 Nov 2017 01:58:22 -0700">ESMTP Sendmail  8.13.1/8.13.1; Thu, 30 Nov 2017 01:58:22 -0700</example>
+    <example service.version="8.14.7" sendmail.config.version="8.14.7" system.time="Thu, 29 Apr 2021 14:07:54 +0900"> ESMTP Sendmail 8.14.7/8.14.7; Thu, 29 Apr 2021 14:07:54 +0900</example>
     <param pos="0" name="service.vendor" value="Sendmail"/>
     <param pos="0" name="service.family" value="Sendmail"/>
     <param pos="0" name="service.product" value="Sendmail"/>

data/xml/smtp_expn.xml

@@ -78,6 +78,7 @@
     <param pos="0" name="service.vendor" value="Lotus"/>
     <param pos="0" name="service.family" value="Lotus Domino"/>
     <param pos="0" name="service.product" value="Lotus Domino"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:ibm:lotus_domino:-"/>
   </fingerprint>
 
   <fingerprint pattern="^550[ -]Unable to find list '.*'\.$">

data/xml/smtp_vrfy.xml

@@ -95,6 +95,7 @@
     <param pos="0" name="service.vendor" value="Lotus"/>
     <param pos="0" name="service.family" value="Lotus Domino"/>
     <param pos="0" name="service.product" value="Lotus Domino"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:ibm:lotus_domino:-"/>
   </fingerprint>
 
 </fingerprints>

data/xml/snmp_sysdescr.xml

@@ -1583,7 +1583,7 @@
     <param pos="0" name="os.product" value="Adaptive Security Appliance"/>
     <param pos="0" name="os.device" value="Firewall"/>
     <param pos="1" name="os.version"/>
-    <param pos="0" name="os.cpe23" value="cpe:/o:cisco:adaptive_security_appliance:{os.version}"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:cisco:adaptive_security_appliance_software:{os.version}"/>
     <param pos="0" name="hw.vendor" value="Cisco"/>
     <param pos="0" name="hw.family" value="Adaptive Security Appliance"/>
     <param pos="0" name="hw.product" value="Adaptive Security Appliance"/>
@@ -1612,7 +1612,7 @@
     <param pos="0" name="os.product" value="VPN 3000 Concentrator"/>
     <param pos="0" name="os.device" value="VPN"/>
     <param pos="1" name="os.version"/>
-    <param pos="0" name="os.cpe23" value="cpe:/o:cisco:vpn_3000_concentrator:{os.version}"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:cisco:vpn_3000_concentrator_series_software:{os.version}"/>
   </fingerprint>
 
   <fingerprint pattern="^(?:Cisco )?Network Analysis Module \(WS-[^\)]+\), Version ([^, ]+)[,\s]?">
@@ -1631,6 +1631,11 @@ Copyright (c) 1999-2004 by cisco Systems, Inc.</example>
     <param pos="0" name="os.product" value="NAM"/>
     <param pos="0" name="os.device" value="Network Management Device"/>
     <param pos="1" name="os.version"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:cisco:network_analysis_module_software:{os.version}"/>
+    <param pos="0" name="hw.vendor" value="Cisco"/>
+    <param pos="0" name="hw.product" value="NAM"/>
+    <param pos="0" name="hw.device" value="Network Management Device"/>
+    <param pos="0" name="hw.cpe23" value="cpe:/h:cisco:network_analysis_module:-"/>
   </fingerprint>
 
   <fingerprint pattern="^(?:Cisco )?Network Analysis Module \(WS-([^\-]+)-NAM\)$">
@@ -1640,6 +1645,9 @@ Copyright (c) 1999-2004 by cisco Systems, Inc.</example>
     <param pos="0" name="os.vendor" value="Cisco"/>
     <param pos="0" name="os.product" value="NAM"/>
     <param pos="0" name="os.device" value="Network Management Device"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:cisco:network_analysis_module_software:-"/>
+    <param pos="0" name="hw.vendor" value="Cisco"/>
+    <param pos="0" name="hw.device" value="Network Management Device"/>
     <param pos="1" name="hw.product"/>
   </fingerprint>
 
@@ -3074,6 +3082,7 @@ Copyright (c) 1995-2005 by Cisco Systems
     <param pos="0" name="os.product" value="iLO"/>
     <param pos="0" name="os.device" value="Lights Out Management"/>
     <param pos="1" name="os.version"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:hp:integrated_lights-out_firmware:{os.version}"/>
   </fingerprint>
 
   <fingerprint pattern="^Integrated Lights-Out (\d) \(iLO \d\) for Integrity$">
@@ -3084,6 +3093,7 @@ Copyright (c) 1995-2005 by Cisco Systems
     <param pos="0" name="os.product" value="iLO"/>
     <param pos="0" name="os.device" value="Lights Out Management"/>
     <param pos="1" name="os.version"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:hp:integrated_lights-out_firmware:{os.version}"/>
   </fingerprint>
 
   <!--======================================================================
@@ -4912,6 +4922,7 @@ Copyright (c) 1995-2005 by Cisco Systems
     <param pos="0" name="os.product" value="NetScaler"/>
     <param pos="1" name="os.version"/>
     <param pos="2" name="os.version.version"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:citrix:netscaler_firmware:{os.version}"/>
   </fingerprint>
 
   <!--======================================================================
@@ -5555,14 +5566,28 @@ Copyright (c) 1995-2005 by Cisco Systems
     <example>Palo Alto Networks PA-4000 series firewall</example>
     <param pos="0" name="os.vendor" value="Palo Alto Networks"/>
     <param pos="0" name="os.device" value="Firewall"/>
-    <param pos="1" name="os.product"/>
+    <param pos="0" name="os.product" value="PAN-OS"/>
+    <param pos="0" name="os.family" value="PAN-OS"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:paloaltonetworks:pan-os:-"/>
+    <param pos="0" name="service.vendor" value="Palo Alto Networks"/>
+    <param pos="0" name="service.device" value="Firewall"/>
+    <param pos="0" name="hw.vendor" value="Palo Alto Networks"/>
+    <param pos="0" name="hw.device" value="Firewall"/>
+    <param pos="1" name="hw.product"/>
   </fingerprint>
 
   <fingerprint pattern="^Palo Alto Networks Panorama server$">
     <description>Palo Alto Panorama</description>
     <example>Palo Alto Networks Panorama server</example>
     <param pos="0" name="os.vendor" value="Palo Alto Networks"/>
-    <param pos="0" name="os.product" value="Panorama Server"/>
+    <param pos="0" name="os.product" value="PAN-OS"/>
+    <param pos="0" name="os.family" value="PAN-OS"/>
+    <param pos="0" name="os.device" value="Firewall"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:paloaltonetworks:pan-os:-"/>
+    <param pos="0" name="service.vendor" value="Palo Alto Networks"/>
+    <param pos="0" name="service.product" value="Panorama Server"/>
+    <param pos="0" name="service.device" value="Firewall"/>
+    <param pos="0" name="hw.vendor" value="Palo Alto Networks"/>
   </fingerprint>
 
   <!--======================================================================
@@ -6153,6 +6178,7 @@ Copyright (c) 1995-2005 by Cisco Systems
     <param pos="0" name="os.vendor" value="SonicWall"/>
     <param pos="0" name="os.device" value="Firewall"/>
     <param pos="0" name="os.product" value="SonicOS"/>
+    <param pos="0" name="hw.vendor" value="SonicWall"/>
     <param pos="1" name="hw.product"/>
     <param pos="2" name="hw.model"/>
     <param pos="3" name="os.version"/>
@@ -6166,6 +6192,7 @@ Copyright (c) 1995-2005 by Cisco Systems
     <param pos="0" name="os.vendor" value="SonicWall"/>
     <param pos="0" name="os.device" value="Firewall"/>
     <param pos="0" name="os.product" value="SonicOS"/>
+    <param pos="0" name="hw.vendor" value="SonicWall"/>
     <param pos="1" name="hw.product"/>
     <param pos="2" name="os.version"/>
     <param pos="0" name="os.cpe23" value="cpe:/o:sonicwall:sonicos:{os.version}"/>
@@ -6185,6 +6212,7 @@ Copyright (c) 1995-2005 by Cisco Systems
     <param pos="0" name="os.device" value="Firewall"/>
     <param pos="0" name="os.product" value="SonicOS"/>
     <param pos="0" name="os.cpe23" value="cpe:/o:sonicwall:sonicos:-"/>
+    <param pos="0" name="hw.vendor" value="SonicWall"/>
     <param pos="1" name="hw.family"/>
     <param pos="2" name="hw.product"/>
   </fingerprint>
@@ -7074,16 +7102,29 @@ Copyright (c) 1995-2005 by Cisco Systems
                              VMware
    =======================================================================-->
 
-  <fingerprint pattern="^(VMware ESXi?) (\d\.\d+\.\d+) build-\d+ VMware, Inc\. (\S+)$">
-    <description>VMware ESX/ESXi</description>
-    <example os.product="VMware ESXi" os.version="5.1.0" os.arch="x86_64">VMware ESXi 5.1.0 build-1157734 VMware, Inc. x86_64</example>
-    <example os.product="VMware ESX" os.version="5.0.0" os.arch="x86_64">VMware ESX 5.0.0 build-623860 VMware, Inc. x86_64</example>
+  <fingerprint pattern="^VMware ESXi (\d\.\d+\.\d+) build-\d+ VMware, Inc\. (\S+)$">
+    <description>VMware ESXi</description>
+    <example os.version="5.1.0" os.arch="x86_64">VMware ESXi 5.1.0 build-1157734 VMware, Inc. x86_64</example>
     <param pos="0" name="os.vendor" value="VMware"/>
     <param pos="0" name="os.family" value="VMware ESX/ESXi"/>
-    <param pos="1" name="os.product"/>
-    <param pos="2" name="os.version"/>
-    <param pos="3" name="os.arch"/>
+    <param pos="0" name="os.product" value="VMware ESXi Server"/>
+    <param pos="1" name="os.version"/>
+    <param pos="2" name="os.arch"/>
+    <param pos="0" name="os.device" value="Hypervisor"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:vmware:esxi:{os.version}"/>
+    <param pos="0" name="hw.device" value="Hypervisor"/>
+  </fingerprint>
+
+  <fingerprint pattern="^VMware ESX (\d\.\d+\.\d+) build-\d+ VMware, Inc\. (\S+)$">
+    <description>VMware ESX</description>
+    <example os.version="5.0.0" os.arch="x86_64">VMware ESX 5.0.0 build-623860 VMware, Inc. x86_64</example>
+    <param pos="0" name="os.vendor" value="VMware"/>
+    <param pos="0" name="os.family" value="VMware ESX/ESXi"/>
+    <param pos="0" name="os.product" value="VMware ESX Server"/>
+    <param pos="1" name="os.version"/>
+    <param pos="2" name="os.arch"/>
     <param pos="0" name="os.device" value="Hypervisor"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:vmware:esx:{os.version}"/>
     <param pos="0" name="hw.device" value="Hypervisor"/>
   </fingerprint>
 

data/xml/ssh_banners.xml

@@ -33,12 +33,12 @@
     <param pos="0" name="service.product" value="iLO"/>
     <param pos="0" name="service.family" value="iLO"/>
     <param pos="1" name="service.version"/>
-    <param pos="0" name="service.cpe23" value="cpe:/a:hp:integrated_lights_out:{service.version}"/>
     <param pos="0" name="hw.vendor" value="HP"/>
     <param pos="0" name="os.vendor" value="HP"/>
     <param pos="0" name="os.product" value="iLO"/>
     <param pos="0" name="os.family" value="iLO"/>
     <param pos="0" name="os.device" value="Lights Out Management"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:hp:integrated_lights-out_firmware:-"/>
   </fingerprint>
 
   <fingerprint pattern="^Serv-U_([\d\.]+)$">
@@ -1704,7 +1704,7 @@
     <param pos="0" name="service.product" value="SSH"/>
     <param pos="0" name="os.vendor" value="Cisco"/>
     <param pos="0" name="os.product" value="Wireless LAN Controller"/>
-    <param pos="0" name="os.cpe23" value="cpe:/o:cisco:wireless_lan_controller:-"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:cisco:wireless_lan_controller_software:-"/>
   </fingerprint>
 
   <fingerprint pattern="(?i)^Cleo (\S+)/(\S+) SSH FTP server$">
@@ -1865,6 +1865,7 @@
     <param pos="0" name="service.vendor" value="Standard Networks"/>
     <param pos="0" name="service.family" value="MOVEit DMZ"/>
     <param pos="0" name="service.product" value="MOVEit DMZ"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:ipswitch:moveit_dmz:{service.version}"/>
     <param pos="0" name="os.vendor" value="Microsoft"/>
     <param pos="0" name="os.family" value="Windows"/>
     <param pos="0" name="os.product" value="Windows"/>
@@ -1953,7 +1954,8 @@
     <param pos="1" name="service.version"/>
     <param pos="0" name="service.vendor" value="Attachmate"/>
     <param pos="0" name="service.family" value="Reflection"/>
-    <param pos="0" name="service.product" value="Reflection"/>
+    <param pos="0" name="service.product" value="Reflection for Secure IT"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:attachmate:reflection_for_secure_it:{service.version}"/>
   </fingerprint>
 
   <fingerprint pattern="^([^\s]*)\s*F-Secure SSH\s*(?:.*)$">
@@ -1972,6 +1974,7 @@
     <param pos="0" name="service.vendor" value="SSH Communications Security"/>
     <param pos="0" name="service.family" value="SSH Tectia Server"/>
     <param pos="0" name="service.product" value="SSH Tectia Server"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:ssh:tectia_server:{service.version}"/>
   </fingerprint>
 
   <fingerprint pattern="^([0-9\.]+) SSH Secure Shell(?: \(non-commercial\))?$">
@@ -1983,6 +1986,7 @@
     <param pos="0" name="service.vendor" value="SSH Communications Security"/>
     <param pos="0" name="service.family" value="SSH Tectia Server"/>
     <param pos="0" name="service.product" value="SSH Tectia Server"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:ssh:tectia_server:{service.version}"/>
   </fingerprint>
 
   <fingerprint pattern="^([0-9\.]+) SSH Secure Shell Windows NT Server$">
@@ -1996,6 +2000,7 @@
     <param pos="0" name="service.vendor" value="SSH Communications Security"/>
     <param pos="0" name="service.family" value="SSH Tectia Server"/>
     <param pos="0" name="service.product" value="SSH Tectia Server"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:ssh:tectia_server:{service.version}"/>
   </fingerprint>
 
   <fingerprint pattern="^ARRIS_(.*)$">
@@ -2083,6 +2088,7 @@
     <param pos="0" name="service.vendor" value="Standard Networks"/>
     <param pos="0" name="service.family" value="MOVEit DMZ"/>
     <param pos="0" name="service.product" value="MOVEit DMZ"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:ipswitch:moveit_dmz:-"/>
     <param pos="0" name="os.vendor" value="Microsoft"/>
     <param pos="0" name="os.family" value="Windows"/>
     <param pos="0" name="os.product" value="Windows"/>