recog 2.3.8 → 2.3.9

Sign up to get free protection for your applications and to get access to all the features.
Files changed (67) hide show
  1. checksums.yaml +4 -4
  2. data/.gitignore +6 -0
  3. data/CONTRIBUTING.md +136 -37
  4. data/README.md +18 -16
  5. data/bin/recog_cleanup +16 -0
  6. data/bin/recog_standardize +30 -6
  7. data/identifiers/README.md +9 -0
  8. data/identifiers/hw_device.txt +77 -0
  9. data/identifiers/hw_family.txt +96 -0
  10. data/identifiers/hw_product.txt +328 -0
  11. data/identifiers/os_architecture.txt +6 -6
  12. data/identifiers/os_device.txt +45 -3
  13. data/identifiers/os_family.txt +206 -41
  14. data/identifiers/os_product.txt +238 -17
  15. data/identifiers/service_family.txt +144 -57
  16. data/identifiers/service_product.txt +384 -83
  17. data/identifiers/vendor.txt +553 -68
  18. data/lib/recog/version.rb +1 -1
  19. data/requirements.txt +1 -1
  20. data/xml/apache_modules.xml +292 -5
  21. data/xml/apache_os.xml +41 -2
  22. data/xml/architecture.xml +11 -3
  23. data/xml/dns_versionbind.xml +76 -8
  24. data/xml/favicons.xml +1700 -0
  25. data/xml/ftp_banners.xml +178 -8
  26. data/xml/h323_callresp.xml +112 -12
  27. data/xml/hp_pjl_id.xml +47 -5
  28. data/xml/html_title.xml +1258 -25
  29. data/xml/http_cookies.xml +64 -9
  30. data/xml/http_servers.xml +667 -37
  31. data/xml/http_wwwauth.xml +141 -26
  32. data/xml/imap_banners.xml +19 -13
  33. data/xml/ldap_searchresult.xml +81 -9
  34. data/xml/mdns_device-info_txt.xml +175 -2
  35. data/xml/mdns_workstation_txt.xml +4 -2
  36. data/xml/mysql_banners.xml +134 -7
  37. data/xml/mysql_error.xml +113 -6
  38. data/xml/nntp_banners.xml +10 -2
  39. data/xml/ntp_banners.xml +80 -4
  40. data/xml/operating_system.xml +89 -3
  41. data/xml/pop_banners.xml +30 -31
  42. data/xml/rsh_resp.xml +11 -2
  43. data/xml/rtsp_servers.xml +22 -2
  44. data/xml/sip_banners.xml +35 -4
  45. data/xml/sip_user_agents.xml +29 -2
  46. data/xml/smb_native_lm.xml +10 -2
  47. data/xml/smb_native_os.xml +79 -2
  48. data/xml/smtp_banners.xml +146 -7
  49. data/xml/smtp_debug.xml +6 -4
  50. data/xml/smtp_ehlo.xml +7 -5
  51. data/xml/smtp_expn.xml +13 -4
  52. data/xml/smtp_help.xml +23 -4
  53. data/xml/smtp_mailfrom.xml +5 -2
  54. data/xml/smtp_noop.xml +6 -5
  55. data/xml/smtp_quit.xml +5 -4
  56. data/xml/smtp_rcptto.xml +5 -2
  57. data/xml/smtp_rset.xml +4 -4
  58. data/xml/smtp_turn.xml +4 -4
  59. data/xml/smtp_vrfy.xml +14 -4
  60. data/xml/snmp_sysdescr.xml +731 -24
  61. data/xml/snmp_sysobjid.xml +47 -2
  62. data/xml/ssh_banners.xml +175 -5
  63. data/xml/telnet_banners.xml +266 -15
  64. data/xml/x11_banners.xml +26 -3
  65. data/xml/x509_issuers.xml +30 -6
  66. data/xml/x509_subjects.xml +200 -31
  67. metadata +8 -2
data/xml/x11_banners.xml CHANGED
@@ -1,4 +1,4 @@
1
- <?xml version="1.0" encoding="UTF-8"?>
1
+ <?xml version='1.0' encoding='UTF-8'?>
2
2
  <fingerprints matches="x11.vendor" protocol="x11">
3
3
  <!--
4
4
  During X11 connection setup as specified in the X11 protocol
@@ -7,12 +7,14 @@
7
7
  This success response contains a vendor field which can be used to
8
8
  fingerprint systems with the following fingerprints.
9
9
  -->
10
+
10
11
  <fingerprint pattern="^AT&amp;T Laboratories Cambridge$">
11
12
  <description>AT&amp;T Laboratories Cambridge</description>
12
13
  <example>AT&amp;T Laboratories Cambridge</example>
13
14
  <param pos="0" name="service.vendor" value="AT&amp;T Laboratories Cambridge"/>
14
15
  <param pos="0" name="service.product" value="Xvnc"/>
15
16
  </fingerprint>
17
+
16
18
  <fingerprint pattern="^CentOS$">
17
19
  <description>CentOS</description>
18
20
  <example>CentOS</example>
@@ -24,6 +26,7 @@
24
26
  <param pos="0" name="os.family" value="Linux"/>
25
27
  <param pos="0" name="os.cpe23" value="cpe:/o:centos:centos:-"/>
26
28
  </fingerprint>
29
+
27
30
  <fingerprint pattern="^Colin Harrison$">
28
31
  <description>Colin Harrison</description>
29
32
  <example>Colin Harrison</example>
@@ -34,6 +37,7 @@
34
37
  <param pos="0" name="os.family" value="Windows"/>
35
38
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
36
39
  </fingerprint>
40
+
37
41
  <fingerprint pattern="^DECWINDOWS DigitalEquipmentCorporation, eXcursion$">
38
42
  <description>DECWINDOWS DigitalEquipmentCorporation, eXcursion</description>
39
43
  <example>DECWINDOWS DigitalEquipmentCorporation, eXcursion</example>
@@ -44,6 +48,7 @@
44
48
  <param pos="0" name="os.family" value="Windows"/>
45
49
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
46
50
  </fingerprint>
51
+
47
52
  <fingerprint pattern="^DECWINDOWS Hewlett-Packard Development Company OpenVMS$">
48
53
  <description>DECWINDOWS Hewlett-Packard Development Company OpenVMS</description>
49
54
  <example>DECWINDOWS Hewlett-Packard Development Company OpenVMS</example>
@@ -53,6 +58,7 @@
53
58
  <param pos="0" name="os.product" value="OpenVMS"/>
54
59
  <param pos="0" name="os.family" value="OpenVMS"/>
55
60
  </fingerprint>
61
+
56
62
  <fingerprint pattern="^Fedora Project$">
57
63
  <description>Fedora Project</description>
58
64
  <example>Fedora Project</example>
@@ -64,6 +70,7 @@
64
70
  <param pos="0" name="os.family" value="Linux"/>
65
71
  <param pos="0" name="os.cpe23" value="cpe:/o:redhat:fedora_core:-"/>
66
72
  </fingerprint>
73
+
67
74
  <fingerprint pattern="^freedesktop\.org$">
68
75
  <description>freedesktop.org</description>
69
76
  <example>freedesktop.org</example>
@@ -75,6 +82,7 @@
75
82
  <param pos="0" name="os.family" value="Linux"/>
76
83
  <param pos="0" name="os.cpe23" value="cpe:/o:linux:linux_kernel:-"/>
77
84
  </fingerprint>
85
+
78
86
  <fingerprint pattern="^HC-Consult$">
79
87
  <description>HC-Consult</description>
80
88
  <example>HC-Consult</example>
@@ -85,6 +93,7 @@
85
93
  <param pos="0" name="os.family" value="Windows"/>
86
94
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
87
95
  </fingerprint>
96
+
88
97
  <fingerprint pattern="^Hummingbird Communications Ltd\.$|^Hummingbird Ltd\.$">
89
98
  <description>Hummingbird Communications Ltd.</description>
90
99
  <example>Hummingbird Communications Ltd.</example>
@@ -96,16 +105,18 @@
96
105
  <param pos="0" name="os.family" value="Windows"/>
97
106
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
98
107
  </fingerprint>
108
+
99
109
  <fingerprint pattern="^Labtam Inc$">
100
110
  <description>Labtam Inc</description>
101
111
  <example>Labtam Inc</example>
102
112
  <param pos="0" name="os.vendor" value="Microsoft"/>
103
- <param pos="0" name="service.vendor" value="Labtam Inc."/>
113
+ <param pos="0" name="service.vendor" value="Labtam"/>
104
114
  <param pos="0" name="service.product" value="XSecurePro"/>
105
115
  <param pos="0" name="os.product" value="Windows"/>
106
116
  <param pos="0" name="os.family" value="Windows"/>
107
117
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
108
118
  </fingerprint>
119
+
109
120
  <fingerprint pattern="^Moba\/X$">
110
121
  <description>Moba/X</description>
111
122
  <example>Moba/X</example>
@@ -117,6 +128,7 @@
117
128
  <param pos="0" name="os.family" value="Windows"/>
118
129
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
119
130
  </fingerprint>
131
+
120
132
  <fingerprint pattern="^MobaXterm$">
121
133
  <description>MobaXterm</description>
122
134
  <example>MobaXterm</example>
@@ -128,6 +140,7 @@
128
140
  <param pos="0" name="os.family" value="Windows"/>
129
141
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
130
142
  </fingerprint>
143
+
131
144
  <fingerprint pattern="^NetSarang Computer, Inc\.$">
132
145
  <description>NetSarang Computer, Inc.</description>
133
146
  <example>NetSarang Computer, Inc.</example>
@@ -138,6 +151,7 @@
138
151
  <param pos="0" name="os.family" value="Windows"/>
139
152
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
140
153
  </fingerprint>
154
+
141
155
  <fingerprint pattern="^Open Text$">
142
156
  <description>Open Text</description>
143
157
  <example>Open Text</example>
@@ -148,6 +162,7 @@
148
162
  <param pos="0" name="os.family" value="Windows"/>
149
163
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
150
164
  </fingerprint>
165
+
151
166
  <fingerprint pattern="^Red Hat, Inc\.$">
152
167
  <description>Red Hat, Inc.</description>
153
168
  <example>Red Hat, Inc.</example>
@@ -159,6 +174,7 @@
159
174
  <param pos="0" name="os.family" value="Linux"/>
160
175
  <param pos="0" name="os.cpe23" value="cpe:/o:redhat:linux:-"/>
161
176
  </fingerprint>
177
+
162
178
  <fingerprint pattern="^Santa Cruz Operation Inc\.$">
163
179
  <description>Santa Cruz Operation Inc.</description>
164
180
  <example>Santa Cruz Operation Inc.</example>
@@ -168,6 +184,7 @@
168
184
  <param pos="0" name="os.product" value="SCO UNIX"/>
169
185
  <param pos="0" name="os.family" value="SCO UNIX"/>
170
186
  </fingerprint>
187
+
171
188
  <fingerprint pattern="^StarNet Communications Corp\.$">
172
189
  <description>StarNet Communications Corp.</description>
173
190
  <example>StarNet Communications Corp.</example>
@@ -178,6 +195,7 @@
178
195
  <param pos="0" name="os.family" value="Windows"/>
179
196
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
180
197
  </fingerprint>
198
+
181
199
  <fingerprint pattern="^Sun Microsystems, Inc\.$">
182
200
  <description>Sun Microsystems, Inc.</description>
183
201
  <example>Sun Microsystems, Inc.</example>
@@ -188,6 +206,7 @@
188
206
  <param pos="0" name="os.family" value="Solaris"/>
189
207
  <param pos="0" name="os.cpe23" value="cpe:/o:sun:solaris:-"/>
190
208
  </fingerprint>
209
+
191
210
  <fingerprint pattern="^The Cygwin\/X Project$">
192
211
  <description>The Cygwin/X Project</description>
193
212
  <example>The Cygwin/X Project</example>
@@ -199,6 +218,7 @@
199
218
  <param pos="0" name="os.family" value="Windows"/>
200
219
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
201
220
  </fingerprint>
221
+
202
222
  <fingerprint pattern="^The X\.Org Foundation$">
203
223
  <description>The X.Org Foundation</description>
204
224
  <example>The X.Org Foundation</example>
@@ -209,6 +229,7 @@
209
229
  <param pos="0" name="os.product" value="UNIX"/>
210
230
  <param pos="0" name="os.family" value="UNIX"/>
211
231
  </fingerprint>
232
+
212
233
  <fingerprint pattern="^The XFree86 Project, Inc$">
213
234
  <description>The XFree86 Project, Inc</description>
214
235
  <example>The XFree86 Project, Inc</example>
@@ -219,6 +240,7 @@
219
240
  <param pos="0" name="os.product" value="UNIX"/>
220
241
  <param pos="0" name="os.family" value="UNIX"/>
221
242
  </fingerprint>
243
+
222
244
  <fingerprint pattern="^WRQ, Inc\.$">
223
245
  <description>WRQ, Inc.</description>
224
246
  <example>WRQ, Inc.</example>
@@ -229,4 +251,5 @@
229
251
  <param pos="0" name="os.family" value="Windows"/>
230
252
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
231
253
  </fingerprint>
232
- </fingerprints>
254
+
255
+ </fingerprints>
data/xml/x509_issuers.xml CHANGED
@@ -1,15 +1,26 @@
1
- <?xml version="1.0" encoding="UTF-8"?>
1
+ <?xml version='1.0' encoding='UTF-8'?>
2
2
  <fingerprints matches="x509.issuer" protocol="x509">
3
3
  <!--
4
4
  This fingerprint set matches the Issuer field of x509 certificates. These x509
5
5
  certificates may be sourced from any SSL or TLS service. If a particular system
6
6
  has identical subject and issuer fields, the subject field should be preferred.
7
-
8
7
  The format of the Issuer field is built from the x509 distinguished names using
9
8
  a specific order. Please see the comments in x509_subjects.xml for details.
10
-
11
9
  -->
10
+
12
11
  <!-- Chromecast and various devices that support the Cast protocol -->
12
+
13
+ <fingerprint pattern="^CN=Eureka Gen1 ICA,OU=Google TV,O=Google Inc,L=Mountain View,ST=California,C=US$">
14
+ <description>Google Chromecast Gen 1</description>
15
+ <example>CN=Eureka Gen1 ICA,OU=Google TV,O=Google Inc,L=Mountain View,ST=California,C=US</example>
16
+ <param pos="0" name="os.vendor" value="Google"/>
17
+ <param pos="0" name="os.product" value="ChromeOS"/>
18
+ <param pos="0" name="hw.device" value="Media Server"/>
19
+ <param pos="0" name="hw.vendor" value="Google"/>
20
+ <param pos="0" name="hw.product" value="Chromecast"/>
21
+ <param pos="0" name="chromecast.generation" value="1"/>
22
+ </fingerprint>
23
+
13
24
  <fingerprint pattern="^CN=Chromecast ICA (\d+)\s*\(?([^,\)]*)\)?,OU=Cast,O=Google Inc,L=Mountain View,ST=California,C=US$">
14
25
  <description>Google Chromecast</description>
15
26
  <example chromecast.generation="3">CN=Chromecast ICA 3,OU=Cast,O=Google Inc,L=Mountain View,ST=California,C=US</example>
@@ -28,6 +39,7 @@
28
39
  <param pos="1" name="chromecast.generation"/>
29
40
  <param pos="2" name="chromecast.capabilities"/>
30
41
  </fingerprint>
42
+
31
43
  <fingerprint pattern="^CN=Asus fugu Cast ICA,OU=Widevine,O=Google Inc,L=Kirkland,ST=Washington,C=US$">
32
44
  <description>ASUS Nexus Player (Android) with Google Cast</description>
33
45
  <example>CN=Asus fugu Cast ICA,OU=Widevine,O=Google Inc,L=Kirkland,ST=Washington,C=US</example>
@@ -39,6 +51,7 @@
39
51
  <param pos="0" name="hw.vendor" value="ASUS"/>
40
52
  <param pos="0" name="hw.product" value="Nexus Player"/>
41
53
  </fingerprint>
54
+
42
55
  <fingerprint pattern="^CN=Sony amai Cast ICA,OU=Widevine,O=Google Inc,L=Kirkland,ST=Washington,C=US$">
43
56
  <description>Sony SmartTV (Android) with Google Cast</description>
44
57
  <example>CN=Sony amai Cast ICA,OU=Widevine,O=Google Inc,L=Kirkland,ST=Washington,C=US</example>
@@ -49,6 +62,7 @@
49
62
  <param pos="0" name="hw.device" value="Smart TV"/>
50
63
  <param pos="0" name="hw.vendor" value="Sony"/>
51
64
  </fingerprint>
65
+
52
66
  <fingerprint pattern="^CN=Cast TV ICA \(Vizio\),OU=Cast,O=Google Inc,L=Mountain View,ST=California,C=US$">
53
67
  <description>Vizio SmartTV (Android) with Google Cast</description>
54
68
  <example>CN=Cast TV ICA (Vizio),OU=Cast,O=Google Inc,L=Mountain View,ST=California,C=US</example>
@@ -59,6 +73,7 @@
59
73
  <param pos="0" name="hw.device" value="Smart TV"/>
60
74
  <param pos="0" name="hw.vendor" value="Vizio"/>
61
75
  </fingerprint>
76
+
62
77
  <fingerprint pattern="^CN=NVidia Shield Cast ICA,OU=Widevine,O=Google Inc,L=Kirkland,ST=Washington,C=US$">
63
78
  <description>NVIDIA SHIELD (Android) with Google Cast</description>
64
79
  <example>CN=NVidia Shield Cast ICA,OU=Widevine,O=Google Inc,L=Kirkland,ST=Washington,C=US</example>
@@ -70,6 +85,7 @@
70
85
  <param pos="0" name="hw.vendor" value="NVIDIA"/>
71
86
  <param pos="0" name="hw.product" value="SHIELD"/>
72
87
  </fingerprint>
88
+
73
89
  <fingerprint pattern="^CN=NVidia Darcy NVidia Tegra K1-Denver Cast ICA,OU=Widevine,O=Google Inc,L=Kirkland,ST=Washington,C=US$">
74
90
  <description>NVIDIA SHIELD (Android) with Google Cast (Darcy)</description>
75
91
  <example>CN=NVidia Darcy NVidia Tegra K1-Denver Cast ICA,OU=Widevine,O=Google Inc,L=Kirkland,ST=Washington,C=US</example>
@@ -81,7 +97,9 @@
81
97
  <param pos="0" name="hw.vendor" value="NVIDIA"/>
82
98
  <param pos="0" name="hw.product" value="SHIELD"/>
83
99
  </fingerprint>
100
+
84
101
  <!-- End of Chromecast -->
102
+
85
103
  <fingerprint pattern="^CN=Yealink Equipment Issuing CA,OU=yealink\.com,O=Yealink Network Technology Co\.\\,Ltd.,L=Xiamen,ST=Fujian,C=CN$">
86
104
  <description>Yealink VoIP Phone</description>
87
105
  <example>CN=Yealink Equipment Issuing CA,OU=yealink.com,O=Yealink Network Technology Co.\,Ltd.,L=Xiamen,ST=Fujian,C=CN</example>
@@ -91,12 +109,14 @@
91
109
  <param pos="0" name="hw.device" value="VoIP"/>
92
110
  <param pos="0" name="hw.vendor" value="Yealink"/>
93
111
  </fingerprint>
112
+
94
113
  <fingerprint pattern="^CN=[a-zA-Z0-9]+,OU=Internally Generated Certificate,O=American Power Conversion Corp,L=Default Locality,ST=Default State,C=US$">
95
114
  <description>APC UPS</description>
96
115
  <example>CN=ZA1117619249,OU=Internally Generated Certificate,O=American Power Conversion Corp,L=Default Locality,ST=Default State,C=US</example>
97
116
  <param pos="0" name="hw.device" value="Power device"/>
98
117
  <param pos="0" name="hw.vendor" value="APC"/>
99
118
  </fingerprint>
119
+
100
120
  <fingerprint pattern="^CN=Temporary CA [a-fA-F0-9]{8}\-[a-fA-F0-9]{4}\-[a-fA-F0-9]{4}\-[a-fA-F0-9]{4}\-[a-fA-F0-9]{12},OU=Temporary CA">
101
121
  <description>Cisco Video Communication Server</description>
102
122
  <example>CN=Temporary CA 218131fe-8af4-11e7-aa6e-9950d6bbaf74,OU=Temporary CA 218131fe-8af4-11e7-aa6e-9950d6bbaf74,O=Temporary CA 218131fe-8af4-11e7-aa6e-9950d6bbaf74</example>
@@ -104,20 +124,23 @@
104
124
  <param pos="0" name="hw.vendor" value="Cisco"/>
105
125
  <param pos="0" name="hw.product" value="TelePresence"/>
106
126
  </fingerprint>
127
+
107
128
  <fingerprint pattern="^O=VMware Installer$">
108
129
  <description>VMWare ESXi w/Installer</description>
109
130
  <example>O=VMware Installer</example>
110
- <param pos="0" name="os.vendor" value="VMWare"/>
131
+ <param pos="0" name="os.vendor" value="VMware"/>
111
132
  <param pos="0" name="os.product" value="ESXi"/>
112
133
  <param pos="0" name="os.device" value="Hypervisor"/>
113
134
  <param pos="0" name="os.cpe23" value="cpe:/o:vmware:esxi:-"/>
114
135
  </fingerprint>
136
+
115
137
  <fingerprint pattern="^CN=CA,OU=VMware Engineering,O=vCenter,ST=California,C=US$">
116
138
  <description>VMWare vCenter</description>
117
139
  <example>CN=CA,OU=VMware Engineering,O=vCenter,ST=California,C=US</example>
118
- <param pos="0" name="service.vendor" value="VMWare"/>
140
+ <param pos="0" name="service.vendor" value="VMware"/>
119
141
  <param pos="0" name="service.product" value="vCenter"/>
120
142
  </fingerprint>
143
+
121
144
  <fingerprint pattern="^CN=Default Issuer \(Do not trust\),OU=ISS,O=Hewlett Packard Enterprise,L=Houston,ST=Texas,C=US$">
122
145
  <description>HP iLO</description>
123
146
  <example>CN=Default Issuer (Do not trust),OU=ISS,O=Hewlett Packard Enterprise,L=Houston,ST=Texas,C=US</example>
@@ -131,4 +154,5 @@
131
154
  <param pos="0" name="os.family" value="iLO"/>
132
155
  <param pos="0" name="os.product" value="iLO"/>
133
156
  </fingerprint>
134
- </fingerprints>
157
+
158
+ </fingerprints>
data/xml/x509_subjects.xml CHANGED
@@ -1,16 +1,13 @@
1
- <?xml version="1.0" encoding="UTF-8"?>
1
+ <?xml version='1.0' encoding='UTF-8'?>
2
2
  <fingerprints matches="x509.subject" protocol="x509">
3
3
  <!--
4
4
  This fingerprint set matches the Subject field of x509 certificates. These x509
5
5
  certificates may be sourced from any SSL or TLS service. If a particular system
6
6
  has identical subject and issuer fields, the subject field should be preferred.
7
-
8
7
  The format of the Subject field is built from the x509 distinguished names using
9
8
  a specific order. This order matches the Go implementation at the URL:
10
9
  https://golang.org/src/crypto/x509/pkix/pkix.go#203
11
-
12
10
  The ToRDNSequence() function builds the string in reverse order:
13
-
14
11
  func (n Name) ToRDNSequence() (ret RDNSequence) {
15
12
  ret = n.appendRDNs(ret, n.Country, oidCountry)
16
13
  ret = n.appendRDNs(ret, n.Province, oidProvince)
@@ -28,13 +25,10 @@
28
25
  for _, atv := range n.ExtraNames {
29
26
  ret = append(ret, []AttributeTypeAndValue{atv})
30
27
  }
31
-
32
28
  return ret
33
29
  }
34
-
35
30
  All names are separated by commas and any commas inside a name are escaped with a
36
31
  single backslash character. See RFC 2253 for additional details on formatting.
37
-
38
32
  Practically, most Subjects start with the Common Name (CN=) and then step through
39
33
  Organization Unit (OU), Organization (O), and then some level of location, but
40
34
  typically Locality (L) and Country (C). Names are guaranteed to be listed in
@@ -42,10 +36,9 @@
42
36
  Subjects may start with a Serial Number (SERIALNUMBER=) or even Extra Names, but
43
37
  these are somewhat rare. Keep this name order in mind when working on these
44
38
  fingerprints.
45
-
46
39
  The same constraints also apply to the x509 Issuers (x509_issuers.xml).
47
-
48
40
  -->
41
+
49
42
  <fingerprint pattern="^CN=([0-9a-fA-F]{2}:[0-9a-fA-F]{2}:[0-9a-fA-F]{2}:[0-9a-fA-F]{2}:[0-9a-fA-F]{2}:[0-9a-fA-F]{2}),OU=([^,]+),O=Araknis Networks \(TM\),L=Charlotte,C=US$">
50
43
  <description>Araknis Networks Router</description>
51
44
  <example host.mac="d4:6a:91:7a:a3:c4" hw.product="AN-300-RT-4L2W">CN=d4:6a:91:7a:a3:c4,OU=AN-300-RT-4L2W,O=Araknis Networks (TM),L=Charlotte,C=US</example>
@@ -54,23 +47,26 @@
54
47
  <param pos="2" name="hw.product"/>
55
48
  <param pos="1" name="host.mac"/>
56
49
  </fingerprint>
50
+
57
51
  <fingerprint pattern="^CN=([a-fA-F0-9:]+),OU=([^,]+),O=Cisco-Linksys\\, LLC">
58
52
  <description>Cisco / Linksys Router</description>
59
53
  <example host.mac="00:22:6b:ef:1e:d0" hw.product="RV042">CN=00:22:6b:ef:1e:d0,OU=RV042,O=Cisco-Linksys\, LLC,L=Irvine,C=US</example>
60
- <param pos="0" name="hw.device" value="Broadband Router"/>
54
+ <param pos="0" name="hw.device" value="Broadband router"/>
61
55
  <param pos="0" name="hw.vendor" value="Cisco"/>
62
56
  <param pos="2" name="hw.product"/>
63
57
  <param pos="1" name="host.mac"/>
64
58
  </fingerprint>
59
+
65
60
  <fingerprint pattern="^CN=([a-fA-F0-9\:]+),OU=([^,]+),O=Cisco Systems\\, Inc\.">
66
61
  <description>Cisco Post-Linksys Router</description>
67
62
  <example host.mac="74:a2:e6:5c:99:21" hw.product="RV042G">CN=74:a2:e6:5c:99:21,OU=RV042G,O=Cisco Systems\, Inc.,L=Irvine,C=US</example>
68
63
  <example host.mac="4C4E315901D0" hw.product="RV180">CN=4C4E315901D0,OU=RV180,O=Cisco Systems\, Inc.,C=US</example>
69
- <param pos="0" name="hw.device" value="Broadband Router"/>
64
+ <param pos="0" name="hw.device" value="Broadband router"/>
70
65
  <param pos="0" name="hw.vendor" value="Cisco"/>
71
66
  <param pos="2" name="hw.product"/>
72
67
  <param pos="1" name="host.mac"/>
73
68
  </fingerprint>
69
+
74
70
  <fingerprint pattern="^SERIALNUMBER=PID:([^ ]+) SN:([^,]+),CN=(?:[a-zA-Z0-9\-]+)-SEP([a-fA-F0-9]{12}),OU=[CV]TG,O=Cisco Systems Inc\.$">
75
71
  <description>Cisco IP phone with serial number</description>
76
72
  <example host.mac="B07D47D33A1C" hw.product="CP-8851" cisco.serial_number="FCH1924AHCA">SERIALNUMBER=PID:CP-8851 SN:FCH1924AHCA,CN=CP-8851-SEPB07D47D33A1C,OU=CTG,O=Cisco Systems Inc.</example>
@@ -81,6 +77,7 @@
81
77
  <param pos="2" name="cisco.serial_number"/>
82
78
  <param pos="3" name="host.mac"/>
83
79
  </fingerprint>
80
+
84
81
  <fingerprint pattern="^CN=SEP([a-fA-F0-9]{12}),O=TemporaryDefaultCertificate$">
85
82
  <description>Cisco IP Phone without serial number</description>
86
83
  <example host.mac="1C6A7AE57121">CN=SEP1C6A7AE57121,O=TemporaryDefaultCertificate</example>
@@ -88,6 +85,7 @@
88
85
  <param pos="0" name="hw.vendor" value="Cisco"/>
89
86
  <param pos="1" name="host.mac"/>
90
87
  </fingerprint>
88
+
91
89
  <fingerprint pattern="^CN=Cambium WLAN AP,OU=Products,O=Cambium Networks Inc,L=San Jose,ST=CA,C=US$">
92
90
  <description>Cambium Networks WAP</description>
93
91
  <example>CN=Cambium WLAN AP,OU=Products,O=Cambium Networks Inc,L=San Jose,ST=CA,C=US</example>
@@ -95,6 +93,7 @@
95
93
  <param pos="0" name="hw.vendor" value="Cambium Networks"/>
96
94
  <param pos="0" name="hw.product" value="WLAN AP"/>
97
95
  </fingerprint>
96
+
98
97
  <fingerprint pattern="^CN=([^,]+),OU=Products,O=Cambium Networks Inc,L=San Jose,ST=CA,C=US$">
99
98
  <description>Cambium Networks Router</description>
100
99
  <example hw.product="R190V">CN=R190V,OU=Products,O=Cambium Networks Inc,L=San Jose,ST=CA,C=US</example>
@@ -103,12 +102,14 @@
103
102
  <param pos="0" name="hw.vendor" value="Cambium Networks"/>
104
103
  <param pos="1" name="hw.product"/>
105
104
  </fingerprint>
105
+
106
106
  <fingerprint pattern="^CN=Nepenthes Development Team,OU=anv,O=dionaea\.carnivore\.it,C=DE$">
107
107
  <description>Nepenthes honeypot</description>
108
108
  <example>CN=Nepenthes Development Team,OU=anv,O=dionaea.carnivore.it,C=DE</example>
109
109
  <param pos="0" name="service.family" value="Nepenthes"/>
110
110
  <param pos="0" name="service.product" value="Nepenthes"/>
111
111
  </fingerprint>
112
+
112
113
  <fingerprint pattern="^CN=IPMI,OU=Software,O=Super Micro Computer,ST=California,C=US$">
113
114
  <description>Super Micro IPMI Controller</description>
114
115
  <example>CN=IPMI,OU=Software,O=Super Micro Computer,ST=California,C=US</example>
@@ -118,6 +119,7 @@
118
119
  <param pos="0" name="os.vendor" value="Super Micro"/>
119
120
  <param pos="0" name="os.product" value="ATEN Linux"/>
120
121
  </fingerprint>
122
+
121
123
  <fingerprint pattern="^CN=iDRACdefault([a-fA-F0-9]{12}),OU=iDRAC Group,O=Dell Inc.,L=Round Rock,C=US$">
122
124
  <description>Dell iDRAC Remote Access Controller w/MAC</description>
123
125
  <example host.mac="0023AEF89AD1">CN=iDRACdefault0023AEF89AD1,OU=iDRAC Group,O=Dell Inc.,L=Round Rock,C=US</example>
@@ -128,6 +130,7 @@
128
130
  <param pos="0" name="os.product" value="iDRAC Linux"/>
129
131
  <param pos="1" name="host.mac"/>
130
132
  </fingerprint>
133
+
131
134
  <fingerprint pattern="^CN=idrac-([A-Z0-9]{7}),OU=Remote Access Group,O=Dell Inc\.,L=Round Rock,ST=Texas,C=US$">
132
135
  <description>Dell iDRAC Remote Access Controller w/Service Tag</description>
133
136
  <example dell.service_tag="JXJJC02">CN=idrac-JXJJC02,OU=Remote Access Group,O=Dell Inc.,L=Round Rock,ST=Texas,C=US</example>
@@ -139,6 +142,7 @@
139
142
  <param pos="0" name="os.product" value="iDRAC Linux"/>
140
143
  <param pos="1" name="dell.service_tag"/>
141
144
  </fingerprint>
145
+
142
146
  <fingerprint pattern="^CN=idrac.*,OU=Remote Access Group,O=Dell Inc\.,L=Round Rock,ST=Texas,C=US$">
143
147
  <description>Dell iDRAC Remote Access Controller w/o Service Tag</description>
144
148
  <example>CN=idrac-SVCTAG,OU=Remote Access Group,O=Dell Inc.,L=Round Rock,ST=Texas,C=US</example>
@@ -151,17 +155,19 @@
151
155
  <param pos="0" name="os.vendor" value="Dell"/>
152
156
  <param pos="0" name="os.product" value="iDRAC Linux"/>
153
157
  </fingerprint>
158
+
154
159
  <fingerprint pattern="^CN=(i?DRAC\d+) default certificate,OU=Remote Access Group,O=Dell Inc\.,L=Round Rock,ST=Texas,C=US$">
155
160
  <description>Dell iDRAC Remote Access Controller w/Version</description>
156
- <example>CN=iDRAC7 default certificate,OU=Remote Access Group,O=Dell Inc.,L=Round Rock,ST=Texas,C=US</example>
157
- <example>CN=iDRAC6 default certificate,OU=Remote Access Group,O=Dell Inc.,L=Round Rock,ST=Texas,C=US</example>
158
- <example>CN=DRAC5 default certificate,OU=Remote Access Group,O=Dell Inc.,L=Round Rock,ST=Texas,C=US</example>
161
+ <example hw.product="iDRAC7">CN=iDRAC7 default certificate,OU=Remote Access Group,O=Dell Inc.,L=Round Rock,ST=Texas,C=US</example>
162
+ <example hw.product="iDRAC6">CN=iDRAC6 default certificate,OU=Remote Access Group,O=Dell Inc.,L=Round Rock,ST=Texas,C=US</example>
163
+ <example hw.product="DRAC5">CN=DRAC5 default certificate,OU=Remote Access Group,O=Dell Inc.,L=Round Rock,ST=Texas,C=US</example>
159
164
  <param pos="0" name="hw.device" value="Lights Out Management"/>
160
165
  <param pos="0" name="hw.vendor" value="Dell"/>
161
166
  <param pos="1" name="hw.product"/>
162
167
  <param pos="0" name="os.vendor" value="Dell"/>
163
168
  <param pos="0" name="os.product" value="iDRAC Linux"/>
164
169
  </fingerprint>
170
+
165
171
  <fingerprint pattern="^CN=iDRAC default certificate,OU=Server Firmware Group,O=Dell Inc\.,L=Round Rock,ST=Texas,C=US$">
166
172
  <description>Dell iDRAC Remote Access Controller Default Certificate</description>
167
173
  <example>CN=iDRAC default certificate,OU=Server Firmware Group,O=Dell Inc.,L=Round Rock,ST=Texas,C=US</example>
@@ -171,6 +177,7 @@
171
177
  <param pos="0" name="os.vendor" value="Dell"/>
172
178
  <param pos="0" name="os.product" value="iDRAC Linux"/>
173
179
  </fingerprint>
180
+
174
181
  <fingerprint pattern="^CN=XCC-([a-zA-Z0-9]+)-([a-zA-Z0-9]+),O=System X,L=RTP,ST=NC,C=US$">
175
182
  <description>Lenovo XCC</description>
176
183
  <example lenovo.machine_type="7X06" lenovo.machine_model="J1005NEX">CN=XCC-7X06-J1005NEX,O=System X,L=RTP,ST=NC,C=US</example>
@@ -183,6 +190,7 @@
183
190
  <param pos="1" name="lenovo.machine_type"/>
184
191
  <param pos="2" name="lenovo.machine_model"/>
185
192
  </fingerprint>
193
+
186
194
  <fingerprint pattern="^CN=([A-Za-z0-9\_\-\.]+),OU=ISS,O=Hewlett-Packard Company,L=Houston,ST=Texas,C=US$">
187
195
  <description>HP iLO</description>
188
196
  <example>CN=SERVER-1231,OU=ISS,O=Hewlett-Packard Company,L=Houston,ST=Texas,C=US</example>
@@ -197,6 +205,7 @@
197
205
  <param pos="0" name="os.product" value="iLO"/>
198
206
  <param pos="1" name="host.name"/>
199
207
  </fingerprint>
208
+
200
209
  <fingerprint pattern="^CN=HP Service Processor,OU=UDU Service Tools,O=Hewlett-Packard Development Company\\, L\.P\.\\ ,L=Fremont,ST=California,C=US$">
201
210
  <description>HP iLO - HP Service Processor</description>
202
211
  <example>CN=HP Service Processor,OU=UDU Service Tools,O=Hewlett-Packard Development Company\, L.P.\ ,L=Fremont,ST=California,C=US</example>
@@ -210,6 +219,7 @@
210
219
  <param pos="0" name="os.family" value="iLO"/>
211
220
  <param pos="0" name="os.product" value="iLO"/>
212
221
  </fingerprint>
222
+
213
223
  <fingerprint pattern="^CN=OA\-([a-fA-F0-9]+),OU=Onboard Administrator,">
214
224
  <description>HP iLO (Onboard Administrator)</description>
215
225
  <example>CN=OA-001F296E21A3,OU=Onboard Administrator,O=Corp.,L=Location,ST=N/A,C=US</example>
@@ -225,6 +235,7 @@
225
235
  <param pos="0" name="os.product" value="iLO"/>
226
236
  <param pos="1" name="host.mac"/>
227
237
  </fingerprint>
238
+
228
239
  <fingerprint pattern="^CN=([A-Za-z0-9\_\-\.]+),OU=Hewlett Packard Enterprise Network Management Software \(SMH\),O=Hewlett Packard Enterprise,L=Houston,ST=Texas,C=US$">
229
240
  <description>HP iLO - Enterprise Mgmt variant</description>
230
241
  <example>CN=bigsrv99,OU=Hewlett Packard Enterprise Network Management Software (SMH),O=Hewlett Packard Enterprise,L=Houston,ST=Texas,C=US</example>
@@ -239,6 +250,7 @@
239
250
  <param pos="0" name="os.product" value="iLO"/>
240
251
  <param pos="1" name="host.name"/>
241
252
  </fingerprint>
253
+
242
254
  <fingerprint pattern="^CN=Oracle Integrated Lights Out Manager,O=Oracle America\\, Inc\.,L=Redwood Shores,ST=California,C=US$">
243
255
  <description>Oracle iLO</description>
244
256
  <example>CN=Oracle Integrated Lights Out Manager,O=Oracle America\, Inc.,L=Redwood Shores,ST=California,C=US</example>
@@ -251,6 +263,7 @@
251
263
  <param pos="0" name="os.family" value="ILOM"/>
252
264
  <param pos="0" name="os.product" value="ILOM"/>
253
265
  </fingerprint>
266
+
254
267
  <fingerprint pattern="^CN=AMI,OU=Service Processors,O=American Megatrends Inc">
255
268
  <description>AMI MegaRAC LOM</description>
256
269
  <example>CN=AMI,OU=Service Processors,O=American Megatrends Inc.,L=Norcross,ST=Georgia,C=US</example>
@@ -264,6 +277,7 @@
264
277
  <param pos="0" name="os.family" value="MegaRAC"/>
265
278
  <param pos="0" name="os.product" value="MegaRAC"/>
266
279
  </fingerprint>
280
+
267
281
  <fingerprint pattern="^CN=C-series CIMC,OU=PID:([^ ]+) SERIAL:([^,]+),O=Cisco">
268
282
  <description>Cisco Integrated Management Controller</description>
269
283
  <example cisco.serial_number="FCH18999AAA" cisco.imc_model="UCSC-C220-M3S">CN=C-series CIMC,OU=PID:UCSC-C220-M3S SERIAL:FCH18999AAA,O=Cisco Self Signed,L=San Jose,ST=California,C=US</example>
@@ -276,6 +290,7 @@
276
290
  <param pos="2" name="cisco.serial_number"/>
277
291
  <param pos="1" name="cisco.imc_model"/>
278
292
  </fingerprint>
293
+
279
294
  <fingerprint pattern="^CN=C220-(FCH[^,]+),OU=null,O=Cisco Systems Inc">
280
295
  <description>Cisco Integrated Management Controller C220</description>
281
296
  <example cisco.serial_number="FCH17999AAA">CN=C220-FCH17999AAA,OU=null,O=Cisco Systems Inc.,L=San Jose,ST=California,C=US</example>
@@ -287,6 +302,7 @@
287
302
  <param pos="0" name="os.product" value="IMC"/>
288
303
  <param pos="1" name="cisco.serial_number"/>
289
304
  </fingerprint>
305
+
290
306
  <fingerprint pattern="^CN=avocent.com,OU=AESS,O=Avocent,L=Sunrise,ST=FL,C=US$">
291
307
  <description>Avocent KVM</description>
292
308
  <example>CN=avocent.com,OU=AESS,O=Avocent,L=Sunrise,ST=FL,C=US</example>
@@ -295,6 +311,7 @@
295
311
  <param pos="0" name="os.device" value="KVM"/>
296
312
  <param pos="0" name="os.vendor" value="Avocent"/>
297
313
  </fingerprint>
314
+
298
315
  <fingerprint pattern="^CN=Avocent Mergepoint Unity,O=Avocent Mergepoint Unity,L=Huntsville,ST=Alabama,C=US$">
299
316
  <description>Avocent Mergepoint KVM</description>
300
317
  <example>CN=Avocent Mergepoint Unity,O=Avocent Mergepoint Unity,L=Huntsville,ST=Alabama,C=US</example>
@@ -305,6 +322,7 @@
305
322
  <param pos="0" name="os.vendor" value="Avocent"/>
306
323
  <param pos="0" name="os.product" value="Mergepoint"/>
307
324
  </fingerprint>
325
+
308
326
  <fingerprint pattern="^CN=HP Jetdirect [a-zA-Z0-9]+,OU=([a-fA-F0-9]{12})\+OU=([a-zA-Z0-9]+),O=Hewlett-Packard Co\.$">
309
327
  <description>HP Jet Direct - with host MAC and product</description>
310
328
  <example host.mac="2C413883186A" hw.product="J8028E">CN=HP Jetdirect 38831831,OU=2C413883186A+OU=J8028E,O=Hewlett-Packard Co.</example>
@@ -319,6 +337,7 @@
319
337
  <param pos="2" name="hw.product"/>
320
338
  <param pos="2" name="os.product"/>
321
339
  </fingerprint>
340
+
322
341
  <fingerprint pattern="^CN=([a-zA-Z0-9\.\-\_]+),OU=HP-IPG,O=HP,L=Vancouver,ST=Washington,C=US$">
323
342
  <description>HP Jet Direct</description>
324
343
  <example host.name="HPD49F21">CN=HPD49F21,OU=HP-IPG,O=HP,L=Vancouver,ST=Washington,C=US</example>
@@ -330,6 +349,7 @@
330
349
  <param pos="0" name="os.family" value="JetDirect"/>
331
350
  <param pos="1" name="host.name"/>
332
351
  </fingerprint>
352
+
333
353
  <fingerprint pattern="^CN=(?:Sourcefire3D|firepower|ciscoasa),OU=Intrusion Management System,O=(?:Sourcefire\\, Inc.|Cisco Systems\\, Inc),C=US$">
334
354
  <description>Cisco Firepower</description>
335
355
  <example>CN=firepower,OU=Intrusion Management System,O=Cisco Systems\, Inc,C=US</example>
@@ -343,6 +363,7 @@
343
363
  <param pos="0" name="os.product" value="Firepower"/>
344
364
  <param pos="0" name="os.family" value="Linux"/>
345
365
  </fingerprint>
366
+
346
367
  <fingerprint pattern="^CN=ASA Temporary Self Signed Certificate$">
347
368
  <description>Cisco ASA Temp Cert</description>
348
369
  <example>CN=ASA Temporary Self Signed Certificate</example>
@@ -356,6 +377,7 @@
356
377
  <param pos="0" name="hw.device" value="Firewall"/>
357
378
  <param pos="0" name="hw.cpe23" value="cpe:/h:cisco:adaptive_security_appliance:-"/>
358
379
  </fingerprint>
380
+
359
381
  <fingerprint pattern="^SERIALNUMBER=([a-zA-Z0-9]+),CN=DEVICE-vWLC,O=Cisco Virtual WLC$">
360
382
  <description>Cisco vWLC</description>
361
383
  <example cisco.serial_number="9C89M2088D1">SERIALNUMBER=9C89M2088D1,CN=DEVICE-vWLC,O=Cisco Virtual WLC</example>
@@ -365,6 +387,7 @@
365
387
  <param pos="0" name="os.cpe23" value="cpe:/o:cisco:wireless_lan_controller:-"/>
366
388
  <param pos="1" name="cisco.serial_number"/>
367
389
  </fingerprint>
390
+
368
391
  <fingerprint pattern="^CN=[a-zA-Z0-9\.\-\_]+,OU=DeviceSSL \(WebAdmin\),O=Cisco Systems Inc\.,C=US$">
369
392
  <description>Cisco WLC</description>
370
393
  <example>CN=169.254.1.1,OU=DeviceSSL (WebAdmin),O=Cisco Systems Inc.,C=US</example>
@@ -377,6 +400,7 @@
377
400
  <param pos="0" name="hw.product" value="Wireless LAN Controller"/>
378
401
  <param pos="0" name="hw.cpe23" value="cpe:/h:cisco:wireless_lan_controller:-"/>
379
402
  </fingerprint>
403
+
380
404
  <fingerprint pattern="^CN=pca,OU=Cisco Prime Collaboration Manager,O=Cisco,L=San Jose,ST=California,C=US$">
381
405
  <description>Cisco Primary Collaboration Manager</description>
382
406
  <example>CN=pca,OU=Cisco Prime Collaboration Manager,O=Cisco,L=San Jose,ST=California,C=US</example>
@@ -387,6 +411,7 @@
387
411
  <param pos="0" name="hw.device" value="Network Management Device"/>
388
412
  <param pos="0" name="hw.product" value="Prime Collaboration Manager"/>
389
413
  </fingerprint>
414
+
390
415
  <fingerprint pattern="^CN=synology\.com.*,O=Synology Inc\.,L=Taipei.*,C=TW$">
391
416
  <description>Synology NAS</description>
392
417
  <example>CN=synology.com,OU=FTP Team,O=Synology Inc.,L=Taipei,ST=Taiwan,C=TW</example>
@@ -399,6 +424,7 @@
399
424
  <param pos="0" name="os.product" value="DSM"/>
400
425
  <param pos="0" name="os.vendor" value="Synology"/>
401
426
  </fingerprint>
427
+
402
428
  <fingerprint pattern="^CN=(?:\*\.)?([a-zA-Z0-9\.\_\-]+)\.wd2go\.com">
403
429
  <description>Western Digital WD2GO Devices</description>
404
430
  <example wd2go.device_id="device1133796-01b3e3fa">CN=device1133796-01b3e3fa.wd2go.com,OU=Domain Control Validated+OU=Hosted by Western Digital Corporation+OU=COMODO SSL Unified Communications</example>
@@ -411,6 +437,7 @@
411
437
  <param pos="0" name="os.device" value="Storage"/>
412
438
  <param pos="1" name="wd2go.device_id"/>
413
439
  </fingerprint>
440
+
414
441
  <fingerprint pattern="^CN=Seagate Technology LLC,O=Seagate Technology LLC,L=Cupertino,ST=California,C=US$">
415
442
  <description>Seagate NAS</description>
416
443
  <example>CN=Seagate Technology LLC,O=Seagate Technology LLC,L=Cupertino,ST=California,C=US</example>
@@ -419,6 +446,7 @@
419
446
  <param pos="0" name="os.vendor" value="Seagate"/>
420
447
  <param pos="0" name="os.family" value="Linux"/>
421
448
  </fingerprint>
449
+
422
450
  <fingerprint pattern="^CN=[\d\.]+,OU=Q-Series,O=Quantum,ST=CO,C=US$">
423
451
  <description>Seagate Q-Series NAS (previously Quantum)</description>
424
452
  <example>CN=1.1.1.1,OU=Q-Series,O=Quantum,ST=CO,C=US</example>
@@ -427,6 +455,7 @@
427
455
  <param pos="0" name="os.vendor" value="Seagate"/>
428
456
  <param pos="0" name="os.family" value="Linux"/>
429
457
  </fingerprint>
458
+
430
459
  <fingerprint pattern="^CN=QNAP NAS,OU=QTS,O=QNAP Systems\\, Inc\.,L=Taipei,ST=Taipei,C=TW$">
431
460
  <description>QNAP NAS</description>
432
461
  <example>CN=QNAP NAS,OU=QTS,O=QNAP Systems\, Inc.,L=Taipei,ST=Taipei,C=TW</example>
@@ -437,32 +466,36 @@
437
466
  <param pos="0" name="os.vendor" value="QNAP Systems"/>
438
467
  <param pos="0" name="os.device" value="Storage"/>
439
468
  </fingerprint>
469
+
440
470
  <fingerprint pattern="^CN=VMware,OU=VMware,L=Palo Alto,C=US$">
441
471
  <description>VMWare Authentication Daemon</description>
442
472
  <example>CN=VMware,OU=VMware,L=Palo Alto,C=US</example>
443
- <param pos="0" name="service.vendor" value="VMWare"/>
473
+ <param pos="0" name="service.vendor" value="VMware"/>
444
474
  <param pos="0" name="service.product" value="vmauthd"/>
445
475
  </fingerprint>
476
+
446
477
  <fingerprint pattern="^CN=([a-zA-Z0-9\.\-\_]+),OU=VMware ESX Server Default Certificate,O=VMware\\, Inc,L=Palo Alto,ST=California,C=US$">
447
478
  <description>VMWare ESX</description>
448
479
  <example>CN=server99.,OU=VMware ESX Server Default Certificate,O=VMware\, Inc,L=Palo Alto,ST=California,C=US</example>
449
- <param pos="0" name="os.vendor" value="VMWare"/>
480
+ <param pos="0" name="os.vendor" value="VMware"/>
450
481
  <param pos="0" name="os.product" value="ESX"/>
451
482
  <param pos="0" name="os.device" value="Hypervisor"/>
452
483
  <param pos="0" name="os.cpe23" value="cpe:/o:vmware:esx:-"/>
453
484
  <param pos="1" name="host.name"/>
454
485
  </fingerprint>
486
+
455
487
  <fingerprint pattern="^CN.*,OU=SRM,O=VMware\\, Inc\.,L=Palo Alto,ST=California,C=US$">
456
488
  <description>VMWare SRM</description>
457
489
  <example>CN=SRM01,OU=SRM,O=VMware\, Inc.,L=Palo Alto,ST=California,C=US</example>
458
- <param pos="0" name="os.vendor" value="VMWare"/>
490
+ <param pos="0" name="os.vendor" value="VMware"/>
459
491
  <param pos="0" name="os.product" value="Linux"/>
460
- <param pos="0" name="hw.vendor" value="VMWare"/>
492
+ <param pos="0" name="hw.vendor" value="VMware"/>
461
493
  <param pos="0" name="hw.device" value="Appliance"/>
462
494
  <param pos="0" name="hw.product" value="Site Recovery Manager"/>
463
- <param pos="0" name="service.vendor" value="VMWare"/>
495
+ <param pos="0" name="service.vendor" value="VMware"/>
464
496
  <param pos="0" name="service.product" value="Site Recovery Manager"/>
465
497
  </fingerprint>
498
+
466
499
  <fingerprint pattern="^CN=IOS-Self-Signed-Certificate-">
467
500
  <description>Cisco IOS Default Certificate</description>
468
501
  <example>CN=IOS-Self-Signed-Certificate-4163115936</example>
@@ -473,18 +506,22 @@
473
506
  <param pos="0" name="hw.vendor" value="Cisco"/>
474
507
  <param pos="0" name="hw.device" value="Router"/>
475
508
  </fingerprint>
476
- <fingerprint pattern="^CN=([a-zA-Z0-9]{5,12}) ([a-zA-Z0-9]{12}),OU=Cast,O=Google Inc,L=Mountain View,ST=California,C=US$">
509
+
510
+ <fingerprint pattern="^CN=([a-zA-Z0-9]{5,12}) ([a-zA-Z0-9]{12}),OU=(?:Cast|Google TV),O=Google Inc,L=Mountain View,ST=California,C=US$">
477
511
  <description>Google Chromecast</description>
478
512
  <example chromecast.serial_number="LVDZG5" host.mac_local="FA8FCA67413D">CN=LVDZG5 FA8FCA67413D,OU=Cast,O=Google Inc,L=Mountain View,ST=California,C=US</example>
513
+ <example chromecast.serial_number="YRBLE" host.mac_local="FA8FCA7DE87D">CN=YRBLE FA8FCA7DE87D,OU=Google TV,O=Google Inc,L=Mountain View,ST=California,C=US</example>
479
514
  <param pos="0" name="os.vendor" value="Google"/>
480
515
  <param pos="0" name="os.product" value="ChromeOS"/>
481
516
  <param pos="0" name="hw.device" value="Media Server"/>
482
517
  <param pos="0" name="hw.vendor" value="Google"/>
483
518
  <param pos="0" name="hw.product" value="Chromecast"/>
484
519
  <param pos="1" name="chromecast.serial_number"/>
485
- <!-- local administered mac address (clear bit 2 of first byte) -->
520
+ <!-- This is the hotspot-mode MAC address (clear bit 2) -->
521
+
486
522
  <param pos="2" name="host.mac_local"/>
487
523
  </fingerprint>
524
+
488
525
  <fingerprint pattern="^CN=([a-zA-Z0-9]{5,12}) ([a-zA-Z0-9]{12}),OU=Cast TV \(Vizio\),O=Google Inc,L=Mountain View,ST=California,C=US$">
489
526
  <description>Vizio SmartTV (Android) with Google Cast</description>
490
527
  <example chromecast.serial_number="9V039WC9" host.mac_local="FA8FCA697898">CN=9V039WC9 FA8FCA697898,OU=Cast TV (Vizio),O=Google Inc,L=Mountain View,ST=California,C=US</example>
@@ -495,9 +532,11 @@
495
532
  <param pos="0" name="hw.device" value="Smart TV"/>
496
533
  <param pos="0" name="hw.vendor" value="Vizio"/>
497
534
  <param pos="1" name="chromecast.serial_number"/>
498
- <!-- local administered mac address (clear bit 2 of first byte) -->
535
+ <!-- This is the hotspot-mode MAC address (clear bit 2) -->
536
+
499
537
  <param pos="2" name="host.mac_local"/>
500
538
  </fingerprint>
539
+
501
540
  <fingerprint pattern="^CN=TANDBERG,OU=R&amp;D,O=TANDBERG ASA,L=Lysaker,ST=Askerhus,C=NO$">
502
541
  <description>Cisco (TANDBERG) TelePresence</description>
503
542
  <example>CN=TANDBERG,OU=R&amp;D,O=TANDBERG ASA,L=Lysaker,ST=Askerhus,C=NO</example>
@@ -509,6 +548,7 @@
509
548
  <param pos="0" name="os.product" value="TelePresence"/>
510
549
  <param pos="0" name="os.device" value="Video Conferencing"/>
511
550
  </fingerprint>
551
+
512
552
  <fingerprint pattern="^CN=lifesize.com,C=US$">
513
553
  <description>Lifesize TelePresence</description>
514
554
  <example>CN=lifesize.com,C=US</example>
@@ -520,6 +560,7 @@
520
560
  <param pos="0" name="os.product" value="TelePresence"/>
521
561
  <param pos="0" name="os.device" value="Video Conferencing"/>
522
562
  </fingerprint>
563
+
523
564
  <fingerprint pattern="^CN=MERCURY-([a-fA-F0-9]{12}),OU=Engineering,O=Crestron">
524
565
  <description>Crestron Mercury</description>
525
566
  <example host.mac="00107F1ABAA0">CN=MERCURY-00107F1ABAA0,OU=Engineering,O=Crestron Electronics\, Inc.,L=Rockleigh,ST=NJ,C=US</example>
@@ -531,6 +572,7 @@
531
572
  <param pos="0" name="os.device" value="Video Conferencing"/>
532
573
  <param pos="1" name="host.mac"/>
533
574
  </fingerprint>
575
+
534
576
  <fingerprint pattern="^CN=(AM-\d+)-([a-fA-F0-9]{12}),OU=Engineering,O=Crestron">
535
577
  <description>Crestron AirMedia</description>
536
578
  <example hw.product="AM-200" host.mac="00107FB7B1E2">CN=AM-200-00107FB7B1E2,OU=Engineering,O=Crestron Electronics\, Inc.,L=Rockleigh,ST=NJ,C=US</example>
@@ -542,6 +584,7 @@
542
584
  <param pos="0" name="os.device" value="Video Conferencing"/>
543
585
  <param pos="2" name="host.mac"/>
544
586
  </fingerprint>
587
+
545
588
  <fingerprint pattern="^CN=Crestron,OU=Engineering,O=Crestron Electronics\\, Inc\.,L=Rockleigh,ST=NJ,C=US$">
546
589
  <description>Crestron Video Conferencing</description>
547
590
  <example>CN=Crestron,OU=Engineering,O=Crestron Electronics\, Inc.,L=Rockleigh,ST=NJ,C=US</example>
@@ -551,6 +594,7 @@
551
594
  <param pos="0" name="os.family" value="Linux"/>
552
595
  <param pos="0" name="os.device" value="Video Conferencing"/>
553
596
  </fingerprint>
597
+
554
598
  <fingerprint pattern="^CN=ClickShare-\d+$">
555
599
  <description>ClickShare Wireless Presenter</description>
556
600
  <example>CN=ClickShare-4234234324</example>
@@ -561,6 +605,7 @@
561
605
  <param pos="0" name="os.family" value="ClickShareOS"/>
562
606
  <param pos="0" name="os.device" value="Wireless Presenter"/>
563
607
  </fingerprint>
608
+
564
609
  <fingerprint pattern="^CN=Solstice,OU=Solstice,O=Mersive Technologies Inc,L=Denver,ST=CO,C=US$">
565
610
  <description>SolsticePod</description>
566
611
  <example>CN=Solstice,OU=Solstice,O=Mersive Technologies Inc,L=Denver,ST=CO,C=US</example>
@@ -568,6 +613,7 @@
568
613
  <param pos="0" name="hw.device" value="Wireless Presenter"/>
569
614
  <param pos="0" name="hw.product" value="SolsticePod"/>
570
615
  </fingerprint>
616
+
571
617
  <fingerprint pattern="^CN=Controller,OU=FW,O=ExtronElectronics,ST=CA,C=US$">
572
618
  <description>Extron MediaLink Controller</description>
573
619
  <example>CN=Controller,OU=FW,O=ExtronElectronics,ST=CA,C=US</example>
@@ -577,6 +623,7 @@
577
623
  <param pos="0" name="os.vendor" value="Extron"/>
578
624
  <param pos="0" name="os.family" value="Linux"/>
579
625
  </fingerprint>
626
+
580
627
  <fingerprint pattern="^CN=IPLP,OU=ControlSystems,O=ExtronElectronics,L=Anaheim,ST=CA,C=US$">
581
628
  <description>Extron IPLP </description>
582
629
  <example>CN=IPLP,OU=ControlSystems,O=ExtronElectronics,L=Anaheim,ST=CA,C=US</example>
@@ -586,6 +633,7 @@
586
633
  <param pos="0" name="os.vendor" value="Extron"/>
587
634
  <param pos="0" name="os.family" value="Linux"/>
588
635
  </fingerprint>
636
+
589
637
  <fingerprint pattern="^CN=TLP,OU=ControlSystems,O=ExtronElectronics,L=Anaheim,ST=CA,C=US$">
590
638
  <description>Extron TLP </description>
591
639
  <example>CN=TLP,OU=ControlSystems,O=ExtronElectronics,L=Anaheim,ST=CA,C=US</example>
@@ -595,6 +643,7 @@
595
643
  <param pos="0" name="os.vendor" value="Extron"/>
596
644
  <param pos="0" name="os.family" value="Linux"/>
597
645
  </fingerprint>
646
+
598
647
  <fingerprint pattern="^CN=ShareLink-Pro-.*,OU=AVSystems,O=ExtronElectronics">
599
648
  <description>Extron ShareLink Pro </description>
600
649
  <example>CN=ShareLink-Pro-18-99-99.local.com,OU=AVSystems,O=ExtronElectronics,L=Anaheim,ST=CA,C=US</example>
@@ -604,18 +653,23 @@
604
653
  <param pos="0" name="os.vendor" value="Extron"/>
605
654
  <param pos="0" name="os.family" value="Linux"/>
606
655
  </fingerprint>
656
+
607
657
  <fingerprint pattern="^CN=VMM APIC,OU=VMM\d+,O=Cisco,L=San Jose,ST=CA,C=US$">
608
658
  <description>Cisco APIC</description>
609
659
  <example>CN=VMM APIC,OU=VMM15,O=Cisco,L=San Jose,ST=CA,C=US</example>
610
660
  <param pos="0" name="hw.vendor" value="Cisco"/>
611
661
  <param pos="0" name="hw.product" value="APIC"/>
662
+ <param pos="0" name="hw.device" value="Network Appliance"/>
612
663
  </fingerprint>
664
+
613
665
  <fingerprint pattern="^CN=APIC$">
614
666
  <description>Cisco APIC - bare CN</description>
615
667
  <example>CN=APIC</example>
616
668
  <param pos="0" name="hw.vendor" value="Cisco"/>
617
669
  <param pos="0" name="hw.product" value="APIC"/>
670
+ <param pos="0" name="hw.device" value="Network Appliance"/>
618
671
  </fingerprint>
672
+
619
673
  <fingerprint pattern="^CN=(iPX\d+),OU=I Project,O=Samsung Electronics,L=Suwon,ST=Gyeonggi-do,C=KR$">
620
674
  <description>Samsung Communication Manager</description>
621
675
  <example hw.product="iPX3010">CN=iPX3010,OU=I Project,O=Samsung Electronics,L=Suwon,ST=Gyeonggi-do,C=KR</example>
@@ -626,6 +680,7 @@
626
680
  <param pos="0" name="os.vendor" value="Samsung"/>
627
681
  <param pos="0" name="os.family" value="Linux"/>
628
682
  </fingerprint>
683
+
629
684
  <fingerprint pattern="^CN=www.hikvision.com,OU=DVRNVR,O=HIKVISION,L=HangZhou,ST=ZheJiang,C=CN$">
630
685
  <description>HIKVISION DVR</description>
631
686
  <example>CN=www.hikvision.com,OU=DVRNVR,O=HIKVISION,L=HangZhou,ST=ZheJiang,C=CN</example>
@@ -634,6 +689,7 @@
634
689
  <param pos="0" name="hw.vendor" value="Hikvision"/>
635
690
  <param pos="0" name="hw.device" value="DVR"/>
636
691
  </fingerprint>
692
+
637
693
  <fingerprint pattern="^CN=([a-zA-Z0-9\.\-\_]+),OU=Polatis Switch ([a-zA-Z0-9]+),O=Polatis Inc\.,ST=N/A,C=UK$">
638
694
  <description>Polatis Switch</description>
639
695
  <example host.name="192.168.0.1" hw.product="1591">CN=192.168.0.1,OU=Polatis Switch 1591,O=Polatis Inc.,ST=N/A,C=UK</example>
@@ -645,6 +701,7 @@
645
701
  <param pos="1" name="host.name"/>
646
702
  <param pos="2" name="hw.product"/>
647
703
  </fingerprint>
704
+
648
705
  <fingerprint pattern="^CN=([a-zA-Z0-9\.\-\_]+),O=Fidelis Cybersecurity$">
649
706
  <description>Fidelis CommandPost</description>
650
707
  <example host.name="localhost.localdomain">CN=localhost.localdomain,O=Fidelis Cybersecurity</example>
@@ -655,6 +712,7 @@
655
712
  <param pos="0" name="os.product" value="CommandPost"/>
656
713
  <param pos="1" name="host.name"/>
657
714
  </fingerprint>
715
+
658
716
  <fingerprint pattern="^CN=([a-zA-Z0-9]+\-[a-zA-Z0-9]+)\-([a-zA-Z0-9]+),O=IBM,L=Endicott,ST=New York,C=IN$">
659
717
  <description>IBM POWER System</description>
660
718
  <example hw.product="8284-22A" hw.model="211BAFW">CN=8284-22A-211BAFW,O=IBM,L=Endicott,ST=New York,C=IN</example>
@@ -663,6 +721,7 @@
663
721
  <param pos="1" name="hw.product" value=""/>
664
722
  <param pos="2" name="hw.model"/>
665
723
  </fingerprint>
724
+
666
725
  <fingerprint pattern="^CN=EagleEyeDirectorII.polycom.com,OU=Video Division,O=Polycom Inc.,L=San Jose,ST=California,C=US$">
667
726
  <description>Polycom Eagle Eye Director</description>
668
727
  <example>CN=EagleEyeDirectorII.polycom.com,OU=Video Division,O=Polycom Inc.,L=San Jose,ST=California,C=US</example>
@@ -670,6 +729,7 @@
670
729
  <param pos="0" name="hw.device" value="Video Conferencing"/>
671
730
  <param pos="0" name="hw.product" value="Eagle Eye Director II"/>
672
731
  </fingerprint>
732
+
673
733
  <fingerprint pattern="^CN=([a-zA-Z0-9]+),OU=RD,O=QSC\\, LLC,ST=Colorado,C=US$">
674
734
  <description>Q-SYS Licensing Manager</description>
675
735
  <example host.name="SVRTIP44">CN=SVRTIP44,OU=RD,O=QSC\, LLC,ST=Colorado,C=US</example>
@@ -677,6 +737,7 @@
677
737
  <param pos="0" name="service.product" value="Licensing Manager"/>
678
738
  <param pos="1" name="host.name"/>
679
739
  </fingerprint>
740
+
680
741
  <fingerprint pattern="^CN=([A-Za-z0-9]+),OU=FortiGate,O=Fortinet,L=Sunnyvale,ST=California,C=US$">
681
742
  <description>Fortinet Gateway</description>
682
743
  <example fortinet.serial_number="FG100ETK1800118">CN=FG100ETK1800118,OU=FortiGate,O=Fortinet,L=Sunnyvale,ST=California,C=US</example>
@@ -690,6 +751,7 @@
690
751
  <param pos="0" name="os.cpe23" value="cpe:/o:fortinet:fortios:-"/>
691
752
  <param pos="1" name="fortinet.serial_number"/>
692
753
  </fingerprint>
754
+
693
755
  <fingerprint pattern="^CN=([A-Za-z0-9]+),O=Fortinet Ltd\.$">
694
756
  <description>Fortinet Gateway (Older)</description>
695
757
  <example fortinet.serial_number="FG100D3G13803999">CN=FG100D3G13803999,O=Fortinet Ltd.</example>
@@ -702,6 +764,7 @@
702
764
  <param pos="0" name="os.cpe23" value="cpe:/o:fortinet:fortios:-"/>
703
765
  <param pos="1" name="fortinet.serial_number"/>
704
766
  </fingerprint>
767
+
705
768
  <fingerprint pattern="^CN=FortiMail,OU=FortiMail,O=Fortinet,L=Sunnyvale,ST=California,C=US$">
706
769
  <description>Fortinet FortiMail Appliance</description>
707
770
  <example>CN=FortiMail,OU=FortiMail,O=Fortinet,L=Sunnyvale,ST=California,C=US</example>
@@ -714,6 +777,7 @@
714
777
  <param pos="0" name="os.device" value="Appliance"/>
715
778
  <param pos="0" name="os.cpe23" value="cpe:/o:fortinet:fortios:-"/>
716
779
  </fingerprint>
780
+
717
781
  <fingerprint pattern="^CN=.*,OU=FortiManager,O=Fortinet,L=Sunnyvale,ST=California,C=US$">
718
782
  <description>Fortinet FortiManager Appliance</description>
719
783
  <example>CN=FMG-VM0000000000,OU=FortiManager,O=Fortinet,L=Sunnyvale,ST=California,C=US</example>
@@ -726,6 +790,7 @@
726
790
  <param pos="0" name="os.device" value="Appliance"/>
727
791
  <param pos="0" name="os.cpe23" value="cpe:/o:fortinet:fortios:-"/>
728
792
  </fingerprint>
793
+
729
794
  <fingerprint pattern="^CN=CyberoamApplianceCertificate">
730
795
  <description>Cyberoam SSL VPN</description>
731
796
  <example>CN=CyberoamApplianceCertificate_C35316263111,OU=Cyberoam Appliance,O=Cyberoam,L=Ahmedabad,ST=Gujarat,C=IN</example>
@@ -736,6 +801,7 @@
736
801
  <param pos="0" name="os.vendor" value="Cyberoam"/>
737
802
  <param pos="0" name="os.device" value="VPN"/>
738
803
  </fingerprint>
804
+
739
805
  <fingerprint pattern="^CN=UBNT\-([0-9a-fA-F]{2}:[0-9a-fA-F]{2}:[0-9a-fA-F]{2}:[0-9a-fA-F]{2}:[0-9a-fA-F]{2}:[0-9a-fA-F]{2}),OU=Technical Support,O=Ubiquiti Networks Inc.,L=San Jose,ST=CA,C=US$">
740
806
  <description>Ubiquiti Wireless AP</description>
741
807
  <example host.mac="68:72:51:4B:90:16">CN=UBNT-68:72:51:4B:90:16,OU=Technical Support,O=Ubiquiti Networks Inc.,L=San Jose,ST=CA,C=US</example>
@@ -746,6 +812,7 @@
746
812
  <param pos="0" name="os.device" value="WAP"/>
747
813
  <param pos="1" name="host.mac"/>
748
814
  </fingerprint>
815
+
749
816
  <fingerprint pattern="^CN=unifi$">
750
817
  <description>Ubiquiti Controller - unifi bare</description>
751
818
  <example>CN=unifi</example>
@@ -755,6 +822,7 @@
755
822
  <param pos="0" name="os.family" value="Linux"/>
756
823
  <param pos="0" name="os.device" value="Wireless Controller"/>
757
824
  </fingerprint>
825
+
758
826
  <fingerprint pattern="^CN=UniFi,OU=UniFi,O=ubnt\.com,L=San Jose,ST=CA,C=US$">
759
827
  <description>Ubiquiti Controller - unifi</description>
760
828
  <example>CN=UniFi,OU=UniFi,O=ubnt.com,L=San Jose,ST=CA,C=US</example>
@@ -764,6 +832,7 @@
764
832
  <param pos="0" name="os.family" value="Linux"/>
765
833
  <param pos="0" name="os.device" value="Wireless Controller"/>
766
834
  </fingerprint>
835
+
767
836
  <fingerprint pattern="^CN=unifivideo-app$">
768
837
  <description>UniFi Video App</description>
769
838
  <example>CN=unifivideo-app</example>
@@ -773,6 +842,7 @@
773
842
  <param pos="0" name="hw.family" value="UniFi"/>
774
843
  <param pos="0" name="hw.device" value="Web cam"/>
775
844
  </fingerprint>
845
+
776
846
  <fingerprint pattern="^CN=camera\.ubnt\.dev,">
777
847
  <description>UniFi Video Camera</description>
778
848
  <example>CN=camera.ubnt.dev,OU=devint,O=Ubiquiti Networks Inc.,L=Taipei,C=TW</example>
@@ -783,6 +853,7 @@
783
853
  <param pos="0" name="os.family" value="Linux"/>
784
854
  <param pos="0" name="os.device" value="Web cam"/>
785
855
  </fingerprint>
856
+
786
857
  <fingerprint pattern="^CN=UBNT,OU=Technical Support,O=Ubiquiti Networks Inc\.,L=San Jose,ST=CA,C=US$">
787
858
  <description>Ubiquiti Controller</description>
788
859
  <example>CN=UBNT,OU=Technical Support,O=Ubiquiti Networks Inc.,L=San Jose,ST=CA,C=US</example>
@@ -792,6 +863,7 @@
792
863
  <param pos="0" name="os.family" value="Linux"/>
793
864
  <param pos="0" name="os.device" value="Wireless Controller"/>
794
865
  </fingerprint>
866
+
795
867
  <fingerprint pattern="^CN=CloudKey,O=Ubiquiti Networks,L=San Jose,ST=CA,C=US$">
796
868
  <description>Ubiquiti CloudKey Controller</description>
797
869
  <example>CN=CloudKey,O=Ubiquiti Networks,L=San Jose,ST=CA,C=US</example>
@@ -803,6 +875,7 @@
803
875
  <param pos="0" name="os.device" value="Wireless Controller"/>
804
876
  <param pos="0" name="os.product" value="CloudKey"/>
805
877
  </fingerprint>
878
+
806
879
  <fingerprint pattern="^CN=UBNT Router UI,O=Ubiquiti Networks,L=San Jose,ST=CA,C=US$">
807
880
  <description>Ubiquiti Router</description>
808
881
  <example>CN=UBNT Router UI,O=Ubiquiti Networks,L=San Jose,ST=CA,C=US</example>
@@ -812,6 +885,7 @@
812
885
  <param pos="0" name="os.family" value="Linux"/>
813
886
  <param pos="0" name="os.device" value="Router"/>
814
887
  </fingerprint>
888
+
815
889
  <fingerprint pattern="^CN=UniFi-Video Controller,OU=R&amp;D,O=Ubiquiti Networks,L=New York,ST=NY,C=US$">
816
890
  <description>Ubiquiti Video Controller</description>
817
891
  <example>CN=UniFi-Video Controller,OU=R&amp;D,O=Ubiquiti Networks,L=New York,ST=NY,C=US</example>
@@ -822,13 +896,15 @@
822
896
  <param pos="0" name="os.family" value="Linux"/>
823
897
  <param pos="0" name="os.device" value="DVR"/>
824
898
  </fingerprint>
899
+
825
900
  <fingerprint pattern="^CN=GreenWave Systems,OU=PKI,O=GreenWave Systems,L=Irvine,ST=California,C=US$">
826
901
  <description>Verizon / Greenwave FIOS Router</description>
827
902
  <example>CN=GreenWave Systems,OU=PKI,O=GreenWave Systems,L=Irvine,ST=California,C=US</example>
828
903
  <param pos="0" name="hw.vendor" value="Greenwave Systems"/>
829
- <param pos="0" name="hw.device" value="Broadband Router"/>
904
+ <param pos="0" name="hw.device" value="Broadband router"/>
830
905
  <param pos="0" name="hw.product" value="Verizon FiOS Router"/>
831
906
  </fingerprint>
907
+
832
908
  <fingerprint pattern="^CN=PoliWall,OU=Bandura Labs,O=Bandura\\, LLC\.,L=Lake Saint Louis,ST=Missouri,C=US$">
833
909
  <description>PoliWall Firewall Original</description>
834
910
  <example>CN=PoliWall,OU=Bandura Labs,O=Bandura\, LLC.,L=Lake Saint Louis,ST=Missouri,C=US</example>
@@ -836,6 +912,7 @@
836
912
  <param pos="0" name="hw.device" value="Firewall"/>
837
913
  <param pos="0" name="hw.product" value="PoliWall"/>
838
914
  </fingerprint>
915
+
839
916
  <fingerprint pattern="^CN=poliwall,OU=IT,O=Bandura,L=St\. Louis,ST=Missouri,C=US$">
840
917
  <description>PoliWall Firewall Newer Cert</description>
841
918
  <example>CN=poliwall,OU=IT,O=Bandura,L=St. Louis,ST=Missouri,C=US</example>
@@ -843,6 +920,7 @@
843
920
  <param pos="0" name="hw.device" value="Firewall"/>
844
921
  <param pos="0" name="hw.product" value="PoliWall"/>
845
922
  </fingerprint>
923
+
846
924
  <fingerprint pattern="^CN=pfSense-[a-zA-Z0-9]+,O=pfSense webConfigurator Self-Signed Certificate">
847
925
  <description>pfSense Firewall</description>
848
926
  <example>CN=pfSense-58fb5b0b06777,O=pfSense webConfigurator Self-Signed Certificate,L=Locality,ST=State,C=US</example>
@@ -853,6 +931,7 @@
853
931
  <param pos="0" name="os.vendor" value="pfSense"/>
854
932
  <param pos="0" name="os.product" value="FreeBSD"/>
855
933
  </fingerprint>
934
+
856
935
  <fingerprint pattern="^CN=Common Name \(eg\\, YOUR name\),OU=Organizational Unit Name \(eg\\, section\),O=CompanyName,L=Somecity,ST=Somewhere,C=US$">
857
936
  <description>pfSense Firewall Default Certificate</description>
858
937
  <example>CN=Common Name (eg\, YOUR name),OU=Organizational Unit Name (eg\, section),O=CompanyName,L=Somecity,ST=Somewhere,C=US</example>
@@ -862,6 +941,7 @@
862
941
  <param pos="0" name="os.vendor" value="pfSense"/>
863
942
  <param pos="0" name="os.product" value="FreeBSD"/>
864
943
  </fingerprint>
944
+
865
945
  <fingerprint pattern="^O=OPNsense,L=Middelharnis,ST=Zuid-Holland,C=NL$">
866
946
  <description>OPNsense Firewall</description>
867
947
  <example>O=OPNsense,L=Middelharnis,ST=Zuid-Holland,C=NL</example>
@@ -871,6 +951,7 @@
871
951
  <param pos="0" name="os.vendor" value="OPNsense"/>
872
952
  <param pos="0" name="os.product" value="FreeBSD"/>
873
953
  </fingerprint>
954
+
874
955
  <fingerprint pattern="^CN=NetVanta,O=ADTRAN\\, Inc\.,L=Huntsville,ST=AL,C=US$" certainty="0.9">
875
956
  <description>ADTRAN Netvanta Router</description>
876
957
  <example>CN=NetVanta,O=ADTRAN\, Inc.,L=Huntsville,ST=AL,C=US</example>
@@ -881,6 +962,7 @@
881
962
  <param pos="0" name="hw.vendor" value="ADTRAN"/>
882
963
  <param pos="0" name="hw.family" value="NetVanta"/>
883
964
  </fingerprint>
965
+
884
966
  <fingerprint pattern="^CN=SophosApplianceCertificate">
885
967
  <description>Sophos Appliance</description>
886
968
  <example>CN=SophosApplianceCertificate_C330AC22W713PAF,OU=OU,O=Green House Data,L=Cheyenne,ST=WY,C=US</example>
@@ -889,6 +971,7 @@
889
971
  <param pos="0" name="hw.vendor" value="Sophos"/>
890
972
  <param pos="0" name="hw.device" value="Appliance"/>
891
973
  </fingerprint>
974
+
892
975
  <fingerprint pattern="^CN=Hubitat Elevation,OU=Hub,O=Hubitat\\, Inc\.,L=Scottsdale,ST=Arizona,C=US$">
893
976
  <description>Hubitat Device Hub</description>
894
977
  <example>CN=Hubitat Elevation,OU=Hub,O=Hubitat\, Inc.,L=Scottsdale,ST=Arizona,C=US</example>
@@ -898,22 +981,25 @@
898
981
  <param pos="0" name="os.vendor" value="Hubitat"/>
899
982
  <param pos="0" name="os.product" value="Linux"/>
900
983
  </fingerprint>
984
+
901
985
  <fingerprint pattern="^CN=MAC([a-fA-F0-9]{12}),OU=([^,]+),O=Mercury Security Products\\, LLC,L=Long Beach,ST=CA,C=US$">
902
986
  <description>Mercurity Security (now HID Global)</description>
903
987
  <example hw.product="M5IC" host.mac="000FE507A1F1">CN=MAC000FE507A1F1,OU=M5IC,O=Mercury Security Products\, LLC,L=Long Beach,ST=CA,C=US</example>
904
988
  <example hw.product="EP-1502" host.mac="000FE508BC71">CN=MAC000FE508BC71,OU=EP-1502,O=Mercury Security Products\, LLC,L=Long Beach,ST=CA,C=US</example>
905
989
  <param pos="0" name="hw.vendor" value="Mercury Security"/>
906
- <param pos="0" name="hw.device" value="Access Controller"/>
990
+ <param pos="0" name="hw.device" value="Access Control"/>
907
991
  <param pos="1" name="host.mac"/>
908
992
  <param pos="2" name="hw.product"/>
909
993
  </fingerprint>
994
+
910
995
  <fingerprint pattern="^CN=Mercury Security EP-series,O=Mercury Security Corp\.,L=Long Beach,ST=CA,C=US$">
911
996
  <description>Mercurity Security (now HID Global) No MAC</description>
912
997
  <example>CN=Mercury Security EP-series,O=Mercury Security Corp.,L=Long Beach,ST=CA,C=US</example>
913
998
  <param pos="0" name="hw.vendor" value="Mercury Security"/>
914
- <param pos="0" name="hw.device" value="Access Controller"/>
999
+ <param pos="0" name="hw.device" value="Access Control"/>
915
1000
  <param pos="0" name="hw.product" value="EP-series"/>
916
1001
  </fingerprint>
1002
+
917
1003
  <fingerprint pattern="^CN=securelogin.arubanetworks.com,">
918
1004
  <description>Aruba Wireless Controller</description>
919
1005
  <example>CN=securelogin.arubanetworks.com,O=Aruba Networks,C=US</example>
@@ -922,6 +1008,7 @@
922
1008
  <param pos="0" name="hw.device" value="Wireless Controller"/>
923
1009
  <param pos="0" name="hw.product" value="Captive Portal"/>
924
1010
  </fingerprint>
1011
+
925
1012
  <fingerprint pattern="^CN=Fireware web CA,OU=Fireware,O=WatchGuard$">
926
1013
  <description>WatchGuard Firewall</description>
927
1014
  <example>CN=Fireware web CA,OU=Fireware,O=WatchGuard</example>
@@ -931,15 +1018,17 @@
931
1018
  <param pos="0" name="os.product" value="Fireware"/>
932
1019
  <param pos="0" name="os.cpe23" value="cpe:/o:watchguard:fireware:-"/>
933
1020
  </fingerprint>
1021
+
934
1022
  <fingerprint pattern="^CN=[0-9\.]+,OU=SSL-VPN,O=SonicWALL\\, Inc\.,L=Sunnyvale,ST=CA,C=US$">
935
1023
  <description>SonicWALL Firewall</description>
936
1024
  <example>CN=192.168.200.1,OU=SSL-VPN,O=SonicWALL\, Inc.,L=Sunnyvale,ST=CA,C=US</example>
937
- <param pos="0" name="hw.vendor" value="SonicWALL"/>
1025
+ <param pos="0" name="hw.vendor" value="SonicWall"/>
938
1026
  <param pos="0" name="hw.device" value="VPN"/>
939
- <param pos="0" name="os.vendor" value="SonicWALL"/>
1027
+ <param pos="0" name="os.vendor" value="SonicWall"/>
940
1028
  <param pos="0" name="os.product" value="VPN"/>
941
1029
  <param pos="0" name="os.family" value="VPN"/>
942
1030
  </fingerprint>
1031
+
943
1032
  <fingerprint pattern="^CN=.*\.akamai\.net,O=Akamai Technologies\\, Inc\.,L=Cambridge,ST=Massachusetts,C=US$">
944
1033
  <description>Akamai Global Host</description>
945
1034
  <example>CN=a248.e.akamai.net,O=Akamai Technologies\, Inc.,L=Cambridge,ST=Massachusetts,C=US</example>
@@ -948,6 +1037,7 @@
948
1037
  <param pos="0" name="os.vendor" value="Akamai"/>
949
1038
  <param pos="0" name="os.device" value="Web proxy"/>
950
1039
  </fingerprint>
1040
+
951
1041
  <fingerprint pattern="^CN=HP_3PAR_">
952
1042
  <description>HP 3PAR</description>
953
1043
  <example>CN=HP_3PAR_1626615</example>
@@ -956,6 +1046,7 @@
956
1046
  <param pos="0" name="hw.device" value="Storage"/>
957
1047
  <param pos="0" name="hw.product" value="3PAR"/>
958
1048
  </fingerprint>
1049
+
959
1050
  <fingerprint pattern="^CN=(?:alienvault|VirtualUSMAllInOne)$">
960
1051
  <description>Alienvault OSSIM</description>
961
1052
  <example>CN=alienvault</example>
@@ -965,6 +1056,7 @@
965
1056
  <param pos="0" name="os.product" value="OSSIM"/>
966
1057
  <param pos="0" name="os.family" value="Linux"/>
967
1058
  </fingerprint>
1059
+
968
1060
  <fingerprint pattern="^CN=Canon (iR-[a-zA-Z0-9\.\-\_]+)$">
969
1061
  <description>Canon iR-ADV Printer with product info</description>
970
1062
  <example os.product="iR-ADV">CN=Canon iR-ADV</example>
@@ -975,6 +1067,7 @@
975
1067
  <param pos="1" name="hw.product"/>
976
1068
  <param pos="1" name="os.product"/>
977
1069
  </fingerprint>
1070
+
978
1071
  <fingerprint pattern="^CN=Canon Imaging Product$">
979
1072
  <description>Canon iR-ADV Printer</description>
980
1073
  <example>CN=Canon Imaging Product</example>
@@ -983,6 +1076,7 @@
983
1076
  <param pos="0" name="os.device" value="Printer"/>
984
1077
  <param pos="0" name="os.vendor" value="Canon"/>
985
1078
  </fingerprint>
1079
+
986
1080
  <fingerprint pattern="^CN=ScanFront$">
987
1081
  <description>Canon ScanFront Simple</description>
988
1082
  <example>CN=ScanFront</example>
@@ -993,6 +1087,7 @@
993
1087
  <param pos="0" name="os.vendor" value="Canon"/>
994
1088
  <param pos="0" name="os.product" value="ScanFront"/>
995
1089
  </fingerprint>
1090
+
996
1091
  <fingerprint pattern="^CN=ScanFront,OU=IMS,O=CANON ELECTRONICS INC\.,L=Minato-ku,ST=Tokyo,C=JP$">
997
1092
  <description>Canon ScanFront Full</description>
998
1093
  <example>CN=ScanFront,OU=IMS,O=CANON ELECTRONICS INC.,L=Minato-ku,ST=Tokyo,C=JP</example>
@@ -1003,6 +1098,7 @@
1003
1098
  <param pos="0" name="os.vendor" value="Canon"/>
1004
1099
  <param pos="0" name="os.product" value="ScanFront"/>
1005
1100
  </fingerprint>
1101
+
1006
1102
  <fingerprint pattern="^CN=tnsappliance.*,O=Tenable Network Security\\, Inc\.,L=Columbia,ST=Maryland,C=US$">
1007
1103
  <description>Tenable Appliance</description>
1008
1104
  <example>CN=tnsappliance-b088a321,OU=--,O=Tenable Network Security\, Inc.,L=Columbia,ST=Maryland,C=US</example>
@@ -1014,6 +1110,7 @@
1014
1110
  <param pos="0" name="os.vendor" value="Tenable"/>
1015
1111
  <param pos="0" name="os.product" value="Tenable Core"/>
1016
1112
  </fingerprint>
1113
+
1017
1114
  <fingerprint pattern="^CN=extrahop,OU=extrahop\.com,O=ExtraHop,C=US$">
1018
1115
  <description>ExtraHop Appliance</description>
1019
1116
  <example>CN=extrahop,OU=extrahop.com,O=ExtraHop,C=US</example>
@@ -1024,6 +1121,7 @@
1024
1121
  <param pos="0" name="os.vendor" value="ExtraHop"/>
1025
1122
  <param pos="0" name="os.product" value="Discover"/>
1026
1123
  </fingerprint>
1124
+
1027
1125
  <fingerprint pattern="^CN=Ruckus Wireless ZoneDirector SN-(\d+),O=Ruckus Wireless\\, Inc\.,ST=CA,C=US$">
1028
1126
  <description>Ruckus Zone Director</description>
1029
1127
  <example ruckus.serial_number="221301007591">CN=Ruckus Wireless ZoneDirector SN-221301007591,O=Ruckus Wireless\, Inc.,ST=CA,C=US</example>
@@ -1035,6 +1133,7 @@
1035
1133
  <param pos="0" name="os.product" value="Zone Director"/>
1036
1134
  <param pos="1" name="ruckus.serial_number"/>
1037
1135
  </fingerprint>
1136
+
1038
1137
  <fingerprint pattern="^CN=DT([^\s]+) Series,O=NEC Corporation,ST=Tokyo,C=JP$">
1039
1138
  <description>NEC DT Series IP Phone</description>
1040
1139
  <example>CN=DT800 Series,O=NEC Corporation,ST=Tokyo,C=JP</example>
@@ -1044,6 +1143,7 @@
1044
1143
  <param pos="0" name="hw.device" value="VoIP"/>
1045
1144
  <param pos="1" name="hw.product"/>
1046
1145
  </fingerprint>
1146
+
1047
1147
  <fingerprint pattern="^CN=([a-fA-F0-9]{12}),O=Polycom Inc\.$">
1048
1148
  <description>Polycom SoundPoint IP Phone</description>
1049
1149
  <example host.mac="64167F169981">CN=64167F169981,O=Polycom Inc.</example>
@@ -1054,6 +1154,7 @@
1054
1154
  <param pos="0" name="hw.product" value="SoundPoint"/>
1055
1155
  <param pos="1" name="host.mac"/>
1056
1156
  </fingerprint>
1157
+
1057
1158
  <fingerprint pattern="^CN=EN Software Production &amp; Release,OU=Enterprise Networks,O=Siemens AG,L=Munich,ST=Germany,C=DE$">
1058
1159
  <description>Siemens EN Software</description>
1059
1160
  <example>CN=EN Software Production &amp; Release,OU=Enterprise Networks,O=Siemens AG,L=Munich,ST=Germany,C=DE</example>
@@ -1062,6 +1163,7 @@
1062
1163
  <param pos="0" name="hw.vendor" value="Siemens"/>
1063
1164
  <param pos="0" name="hw.device" value="VoIP"/>
1064
1165
  </fingerprint>
1166
+
1065
1167
  <fingerprint pattern="^CN=SecureConnect server,O=Quest,ST=CA,C=US$">
1066
1168
  <description>SecureConnect SSL VPN</description>
1067
1169
  <example>CN=SecureConnect server,O=Quest,ST=CA,C=US</example>
@@ -1070,6 +1172,7 @@
1070
1172
  <param pos="0" name="os.vendor" value="SecureConnect"/>
1071
1173
  <param pos="0" name="os.device" value="VPN"/>
1072
1174
  </fingerprint>
1175
+
1073
1176
  <fingerprint pattern="^CN=RecoverPoint,OU=Data Protection and Availability Division,O=EMC Corporation,L=Hopkinton,ST=Massachusetts,C=US$">
1074
1177
  <description>RecoverPoint Appliance</description>
1075
1178
  <example>CN=RecoverPoint,OU=Data Protection and Availability Division,O=EMC Corporation,L=Hopkinton,ST=Massachusetts,C=US</example>
@@ -1080,6 +1183,7 @@
1080
1183
  <param pos="0" name="os.vendor" value="EMC"/>
1081
1184
  <param pos="0" name="os.product" value="RecoverPoint"/>
1082
1185
  </fingerprint>
1186
+
1083
1187
  <fingerprint pattern="^CN=[a-fA-F0-9]+,O=Palo Alto Networks,L=Santa Clara,ST=CA,C=US$">
1084
1188
  <description>Palo Alto Firewall</description>
1085
1189
  <example>CN=d9fc2294968367a3a8ad1acd4c816c78444e6ea4d69869b40cc9751951fd3693,O=Palo Alto Networks,L=Santa Clara,ST=CA,C=US</example>
@@ -1089,12 +1193,14 @@
1089
1193
  <param pos="0" name="os.product" value="PANOS"/>
1090
1194
  <param pos="0" name="os.device" value="Firewall"/>
1091
1195
  </fingerprint>
1196
+
1092
1197
  <fingerprint pattern="^CN=VMware default certificate,OU=vCenterServer.*,O=VMware\\, Inc\.$">
1093
1198
  <description>VMWare vCenter</description>
1094
1199
  <example>CN=VMware default certificate,OU=vCenterServer_2013.09.26_220623,O=VMware\, Inc.</example>
1095
- <param pos="0" name="service.vendor" value="VMWare"/>
1200
+ <param pos="0" name="service.vendor" value="VMware"/>
1096
1201
  <param pos="0" name="service.product" value="vCenter"/>
1097
1202
  </fingerprint>
1203
+
1098
1204
  <fingerprint pattern="^CN=selfappliance,OU=Engineering,O=Symplified,L=Boulder,ST=Colorado,C=US$">
1099
1205
  <description>Symplified IAM Appliance (now RSA)</description>
1100
1206
  <example>CN=selfappliance,OU=Engineering,O=Symplified,L=Boulder,ST=Colorado,C=US</example>
@@ -1102,12 +1208,14 @@
1102
1208
  <param pos="0" name="hw.device" value="Appliance"/>
1103
1209
  <param pos="0" name="hw.product" value="IAM"/>
1104
1210
  </fingerprint>
1211
+
1105
1212
  <fingerprint pattern="^CN=OpenWrt,L=Leipzig,ST=Saxony,C=DE$">
1106
1213
  <description>OpenWRT WAP</description>
1107
1214
  <example>CN=OpenWrt,L=Leipzig,ST=Saxony,C=DE</example>
1108
1215
  <param pos="0" name="os.vendor" value="OpenWRT"/>
1109
1216
  <param pos="0" name="os.device" value="WAP"/>
1110
1217
  </fingerprint>
1218
+
1111
1219
  <fingerprint pattern="^CN=axis-([a-fA-F0-9]{12}),O=Axis Communications AB$">
1112
1220
  <description>Axis Communications Web Cam</description>
1113
1221
  <example host.mac="accc8ea31abf">CN=axis-accc8ea31abf,O=Axis Communications AB</example>
@@ -1118,6 +1226,7 @@
1118
1226
  <param pos="0" name="os.family" value="Linux"/>
1119
1227
  <param pos="1" name="host.mac"/>
1120
1228
  </fingerprint>
1229
+
1121
1230
  <fingerprint pattern="^CN=([^,]+),OU=Nortek,O=ELAN,L=StuddardMD,ST=[^,]+,C=US$">
1122
1231
  <description>ELAN Web Cam</description>
1123
1232
  <example host.name="ServerRoom">CN=ServerRoom,OU=Nortek,O=ELAN,L=StuddardMD,ST=10000,C=US</example>
@@ -1129,6 +1238,7 @@
1129
1238
  <param pos="0" name="os.family" value="Linux"/>
1130
1239
  <param pos="1" name="host.name"/>
1131
1240
  </fingerprint>
1241
+
1132
1242
  <fingerprint pattern="^CN=Dell_OpenManage.*,OU=PG,O=Dell Inc\.,ST=Texas,C=US$">
1133
1243
  <description>Dell OpenManage</description>
1134
1244
  <example>CN=Dell_OpenManage01,OU=PG,O=Dell Inc.,ST=Texas,C=US</example>
@@ -1139,6 +1249,7 @@
1139
1249
  <param pos="0" name="os.device" value="Appliance"/>
1140
1250
  <param pos="0" name="os.family" value="Linux"/>
1141
1251
  </fingerprint>
1252
+
1142
1253
  <fingerprint pattern="^CN=Equallogic PS Array,OU=Dell Equallogic,O=Dell Inc\.,L=Nashua,ST=New Hampshire,C=US$">
1143
1254
  <description>Dell EqualLogic PS Array</description>
1144
1255
  <example>CN=Equallogic PS Array,OU=Dell Equallogic,O=Dell Inc.,L=Nashua,ST=New Hampshire,C=US</example>
@@ -1149,6 +1260,7 @@
1149
1260
  <param pos="0" name="os.device" value="Storage"/>
1150
1261
  <param pos="0" name="os.product" value="EqualLogic"/>
1151
1262
  </fingerprint>
1263
+
1152
1264
  <fingerprint pattern="^CN=opennac\.test,L=Madrid,ST=Madrid,C=ES$">
1153
1265
  <description>OpenNAC Appliance</description>
1154
1266
  <example>CN=opennac.test,L=Madrid,ST=Madrid,C=ES</example>
@@ -1159,6 +1271,7 @@
1159
1271
  <param pos="0" name="os.family" value="Linux"/>
1160
1272
  <param pos="0" name="os.product" value="Linux"/>
1161
1273
  </fingerprint>
1274
+
1162
1275
  <fingerprint pattern="^CN=SmartEdge Sensor,O=AirMagnet,L=Sunnyvale,ST=California,C=US$">
1163
1276
  <description>AirMagnet SmartEdge Sensor</description>
1164
1277
  <example>CN=SmartEdge Sensor,O=AirMagnet,L=Sunnyvale,ST=California,C=US</example>
@@ -1166,6 +1279,7 @@
1166
1279
  <param pos="0" name="hw.device" value="Wireless Controller"/>
1167
1280
  <param pos="0" name="hw.product" value="SmartEdge Sensor"/>
1168
1281
  </fingerprint>
1282
+
1169
1283
  <fingerprint pattern="^CN=Sensor WebUI,O=AirDefense Inc.,L=Alpharetta,ST=GA,C=US$">
1170
1284
  <description>AirDefense Inc Sensor</description>
1171
1285
  <example>CN=Sensor WebUI,O=AirDefense Inc.,L=Alpharetta,ST=GA,C=US</example>
@@ -1173,6 +1287,7 @@
1173
1287
  <param pos="0" name="hw.device" value="Wireless Controller"/>
1174
1288
  <param pos="0" name="hw.product" value="Sensor"/>
1175
1289
  </fingerprint>
1290
+
1176
1291
  <fingerprint pattern="^CN=HiveAP,OU=Default,O=Aerohive,ST=California,C=US$">
1177
1292
  <description>Aerohive Access Point</description>
1178
1293
  <example>CN=HiveAP,OU=Default,O=Aerohive,ST=California,C=US</example>
@@ -1183,16 +1298,18 @@
1183
1298
  <param pos="0" name="os.family" value="Linux"/>
1184
1299
  <param pos="0" name="os.product" value="Linux"/>
1185
1300
  </fingerprint>
1301
+
1186
1302
  <fingerprint pattern="^CN=(usg[^_]+)_([a-fA-F0-9]{12})$">
1187
1303
  <description>ZyWall Router</description>
1188
1304
  <example hw.product="usg20w" host.mac="5CF4AB615FAC">CN=usg20w_5CF4AB615FAC</example>
1189
1305
  <example hw.product="usg20w" host.mac="5067F0BC1D3C">CN=usg20w_5067F0BC1D3C</example>
1190
1306
  <example hw.product="usg20" host.mac="107BEF0AD201">CN=usg20_107BEF0AD201</example>
1191
- <param pos="0" name="hw.vendor" value="ZyWall"/>
1192
- <param pos="0" name="hw.device" value="Broadband Router"/>
1307
+ <param pos="0" name="hw.vendor" value="Zyxel"/>
1308
+ <param pos="0" name="hw.device" value="Broadband router"/>
1193
1309
  <param pos="1" name="hw.product"/>
1194
1310
  <param pos="2" name="host.mac"/>
1195
1311
  </fingerprint>
1312
+
1196
1313
  <fingerprint pattern="^CN=([a-fA-F0-9]{16}),O=Philips Hue,C=NL$">
1197
1314
  <description>Philips Hue Personal Wireless Lighting</description>
1198
1315
  <example host.mac_eui64="001788fffe4f1999">CN=001788fffe4f1999,O=Philips Hue,C=NL</example>
@@ -1201,6 +1318,7 @@
1201
1318
  <param pos="0" name="hw.device" value="Light Bulb"/>
1202
1319
  <param pos="1" name="host.mac_eui64"/>
1203
1320
  </fingerprint>
1321
+
1204
1322
  <fingerprint pattern="^CN=www\.ibm\.com,OU=IBM i Service,L=Rochester,ST=Minnesota,C=US$">
1205
1323
  <description>IBM iSeries Service Console</description>
1206
1324
  <example>CN=www.ibm.com,OU=IBM i Service,L=Rochester,ST=Minnesota,C=US</example>
@@ -1209,6 +1327,7 @@
1209
1327
  <param pos="0" name="os.product" value="OS/400"/>
1210
1328
  <param pos="0" name="os.cpe23" value="cpe:/o:ibm:os_400:-"/>
1211
1329
  </fingerprint>
1330
+
1212
1331
  <fingerprint pattern="^CN=.*\.ip\.kaptivo\.live,">
1213
1332
  <description>Kaptivo Whiteboard</description>
1214
1333
  <example>CN=*.ip.kaptivo.live,OU=Domain Control Validated+OU=PositiveSSL Wildcard</example>
@@ -1216,6 +1335,7 @@
1216
1335
  <param pos="0" name="hw.product" value="Whiteboard"/>
1217
1336
  <param pos="0" name="hw.device" value="Whiteboard"/>
1218
1337
  </fingerprint>
1338
+
1219
1339
  <fingerprint pattern="^CN=.*,OU=Network Security Management,O=FireEye\\, Inc\.,L=Milpitas,ST=California,C=US$">
1220
1340
  <description>FireEye Appliance</description>
1221
1341
  <example>CN=noc-feye-ex2,OU=Network Security Management,O=FireEye\, Inc.,L=Milpitas,ST=California,C=US</example>
@@ -1223,6 +1343,7 @@
1223
1343
  <param pos="0" name="hw.product" value="Appliance"/>
1224
1344
  <param pos="0" name="hw.device" value="Security Appliance"/>
1225
1345
  </fingerprint>
1346
+
1226
1347
  <fingerprint pattern="^CN=.*,OU=IA,O=FireEye,L=Charlottesville,ST=Virginia,C=US$">
1227
1348
  <description>FireEye Investigation Analysis System Appliance</description>
1228
1349
  <example>CN=noc-feye-ia2,OU=IA,O=FireEye,L=Charlottesville,ST=Virginia,C=US</example>
@@ -1230,6 +1351,7 @@
1230
1351
  <param pos="0" name="hw.product" value="IA Appliance"/>
1231
1352
  <param pos="0" name="hw.device" value="Security Appliance"/>
1232
1353
  </fingerprint>
1354
+
1233
1355
  <fingerprint pattern="^CN=.*,OU=Gigamon Network Visibility Systems,O=Gigamon Inc\.,L=Santa Clara,ST=California,C=US$">
1234
1356
  <description>Gigamon GigaVUE Appliance</description>
1235
1357
  <example>CN=gvue01,OU=Gigamon Network Visibility Systems,O=Gigamon Inc.,L=Santa Clara,ST=California,C=US</example>
@@ -1237,6 +1359,7 @@
1237
1359
  <param pos="0" name="hw.device" value="Monitoring"/>
1238
1360
  <param pos="0" name="hw.product" value="GigaVUE"/>
1239
1361
  </fingerprint>
1362
+
1240
1363
  <fingerprint pattern="^CN=.*,OU=Telliris,O=DAC Systems,L=Shelton,ST=Connecticut,C=US$">
1241
1364
  <description>Telliris IVR</description>
1242
1365
  <example>CN=Telliris-IVR,OU=Telliris,O=DAC Systems,L=Shelton,ST=Connecticut,C=US</example>
@@ -1244,6 +1367,7 @@
1244
1367
  <param pos="0" name="hw.device" value="Voice Appliance"/>
1245
1368
  <param pos="0" name="hw.product" value="IVR"/>
1246
1369
  </fingerprint>
1370
+
1247
1371
  <fingerprint pattern="^CN=SLS,O=Lantronix,L=Irvine,ST=California,C=US$">
1248
1372
  <description>Lantronix SLS terminal server</description>
1249
1373
  <example>CN=SLS,O=Lantronix,L=Irvine,ST=California,C=US</example>
@@ -1251,6 +1375,7 @@
1251
1375
  <param pos="0" name="hw.device" value="Device Server"/>
1252
1376
  <param pos="0" name="hw.product" value="SLS"/>
1253
1377
  </fingerprint>
1378
+
1254
1379
  <fingerprint pattern="^CN=Tintri Default Certificate,OU=Tintri Server Certificate,O=Tintri\\, Inc\.,L=Mountain View,ST=CA,C=US$">
1255
1380
  <description>Tintri Storage Appliance</description>
1256
1381
  <example>CN=Tintri Default Certificate,OU=Tintri Server Certificate,O=Tintri\, Inc.,L=Mountain View,ST=CA,C=US</example>
@@ -1258,4 +1383,48 @@
1258
1383
  <param pos="0" name="hw.device" value="NAS"/>
1259
1384
  <param pos="0" name="hw.product" value="Storage Appliance"/>
1260
1385
  </fingerprint>
1261
- </fingerprints>
1386
+
1387
+ <fingerprint pattern="^CN=axonius,O=Axonius\\, Inc,L=New York City,ST=New York,C=US$">
1388
+ <description>Axonius Appliance</description>
1389
+ <example>CN=axonius,O=Axonius\, Inc,L=New York City,ST=New York,C=US</example>
1390
+ <param pos="0" name="hw.vendor" value="Axonius"/>
1391
+ <param pos="0" name="hw.device" value="Security Appliance"/>
1392
+ <param pos="0" name="hw.product" value="Asset Management"/>
1393
+ </fingerprint>
1394
+
1395
+ <fingerprint pattern="^CN=AVIGILON-CAMERA-([a-zA-Z0-9\.\-]+)-\d+,OU=Certification Manager,O=Avigilon Corporation,L=Vancouver,ST=British Columbia,C=CA$">
1396
+ <description>Avigilon IP Camera</description>
1397
+ <example hw.product="5.0-H3-DP1">CN=AVIGILON-CAMERA-5.0-H3-DP1-1242900,OU=Certification Manager,O=Avigilon Corporation,L=Vancouver,ST=British Columbia,C=CA</example>
1398
+ <param pos="0" name="hw.vendor" value="Avigilon"/>
1399
+ <param pos="0" name="hw.device" value="IP Camera"/>
1400
+ <param pos="1" name="hw.product"/>
1401
+ <param pos="0" name="os.vendor" value="Avigilon"/>
1402
+ <param pos="0" name="os.family" value="Linux"/>
1403
+ <param pos="0" name="os.product" value="Linux"/>
1404
+ </fingerprint>
1405
+
1406
+ <fingerprint pattern="^CN=TCAM,OU=Security,O=Truen,L=Seoul,ST=Seoul,C=KR$">
1407
+ <description>Truen IP Camera (Often Rebranded)</description>
1408
+ <example>CN=TCAM,OU=Security,O=Truen,L=Seoul,ST=Seoul,C=KR</example>
1409
+ <param pos="0" name="hw.certainty" value="0.5"/>
1410
+ <param pos="0" name="hw.vendor" value="Truen"/>
1411
+ <param pos="0" name="hw.device" value="IP Camera"/>
1412
+ <param pos="0" name="os.certainty" value="0.5"/>
1413
+ <param pos="0" name="os.vendor" value="Truen"/>
1414
+ <param pos="0" name="os.family" value="Linux"/>
1415
+ <param pos="0" name="os.product" value="Linux"/>
1416
+ </fingerprint>
1417
+
1418
+ <fingerprint pattern="^CN=device.wilibox.com,OU=R&amp;D,O=WILIBOX UAB,L=Kaunas,ST=-,C=LT$">
1419
+ <description>LigoWave Outdoor AP</description>
1420
+ <example>CN=device.wilibox.com,OU=R&amp;D,O=WILIBOX UAB,L=Kaunas,ST=-,C=LT</example>
1421
+ <param pos="0" name="hw.certainty" value="0.50"/>
1422
+ <param pos="0" name="hw.vendor" value="LigoWave"/>
1423
+ <param pos="0" name="hw.device" value="WAP"/>
1424
+ <param pos="0" name="os.certainty" value="0.5"/>
1425
+ <param pos="0" name="os.vendor" value="LigoWave"/>
1426
+ <param pos="0" name="os.family" value="Linux"/>
1427
+ <param pos="0" name="os.product" value="Linux"/>
1428
+ </fingerprint>
1429
+
1430
+ </fingerprints>