ADM dictionary examples

The ADM engine can match object content, or any other metric or property, against a single-column dictionary. The result is true or false: the value either exists in the dictionary or it does not.

Table 1: Single column dictionary examples
Type of dictionary Example
String dictionary with common spam words

“Cialis”

“cialis”

“Viagra”

“viagra”

“adult web”

“Adult web”

“act now! don’t hesitate!”

Regular expression dictionary for authorization key words

/(password|passwd|pwd)[^a-z0-9]{1,3}(admin|login|password|user)/i

/(customer|client)[^a-z0-9]{1,3}account[^a-z0-9]{1,3}number/i

/fund[^a-z0-9]{1,3}transaction/i

/fund[^a-z0-9]{1,3}transfer[^a-z0-9]{1,3}[0-9,.]+/i

String dictionary containing hash values for known bad executables

"fec72ceae15b6f60cbf269f99b9888e9"

"fed472c13c1db095c4cb0fc54ed28485"

"feddedb607468465f9428a59eb5ee22a"

"ff3cb87742f9b56dfdb9a49b31c1743c"

"ff45e471aa68c9e2b6d62a82bbb6a82a"

"ff669082faf0b5b976cec8027833791c"

"ff7025e261bd09250346bc9efdfc6c7c"

IP addresses of critical assets

192.168.1.12

192.168.2.0/24

192.168.3.0/255.255.255.0

192.168.4.32/27

192.168.5.144/255.255.255.240

Table 2: Double column dictionary examples
Type of dictionary Example
String dictionary with common spam words and categories

“Cialis” “pharmaceutical”

“cialis” “pharmaceutical”

“Viagra” “pharmaceutical”

“viagra” “pharmaceutical”

“adult web” “adult”

“Adult web” “adult”

“act now! don’t hesitate!” “scam”

Regular expression dictionary for authorization key words and categories

/(password|passwd|pwd)[^a-z0-9]{1,3}(admin|login|password|user)/i “credentials”

/(customer|client)[^a-z0-9]{1,3}account[^a-z0-9]{1,3}number/i “pii”

/fund[^a-z0-9]{1,3}transaction/i “sox”

/fund[^a-z0-9]{1,3}transfer[^a-z0-9]{1,3}[0-9,.]+/i “sox”

String dictionary containing hash values for known bad executables and categories

"fec72ceae15b6f60cbf269f99b9888e9" “Trojan”

"fed472c13c1db095c4cb0fc54ed28485" “Malware”

"feddedb607468465f9428a59eb5ee22a" “Virus”

"ff3cb87742f9b56dfdb9a49b31c1743c" “Malware”

"ff45e471aa68c9e2b6d62a82bbb6a82a" “Adware”

"ff669082faf0b5b976cec8027833791c" “Trojan”

"ff7025e261bd09250346bc9efdfc6c7c" “Virus”

IP addresses of critical assets & groups

192.168.1.12 “Critical Assets”

192.168.2.0/24 “LAN”

192.168.3.0/255.255.255.0 “LAN”

192.168.4.32/27 “DMZ”

192.168.5.144/255.255.255.240 “Critical Assets”
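The lookup semantics of the two tables, sketched in Python as an added example (not ADM code or its implementation). The function names, returning the first matching entry's category, and handling only the `i` regex flag are assumptions; the entries are copied from Table 2.

```python
import ipaddress
import re

# Entries copied from Table 2 of the page: (value, category).
IP_DICT = [
    ("192.168.1.12", "Critical Assets"),
    ("192.168.2.0/24", "LAN"),
    ("192.168.3.0/255.255.255.0", "LAN"),
    ("192.168.4.32/27", "DMZ"),
    ("192.168.5.144/255.255.255.240", "Critical Assets"),
]
REGEX_DICT = [
    ("/(password|passwd|pwd)[^a-z0-9]{1,3}(admin|login|password|user)/i", "credentials"),
    ("/fund[^a-z0-9]{1,3}transfer[^a-z0-9]{1,3}[0-9,.]+/i", "sox"),
]

def compile_entry(entry):
    """Compile a /pattern/flags entry; only the i flag is supported here."""
    m = re.fullmatch(r"/(.*)/([a-z]*)", entry)
    if not m or set(m.group(2)) - {"i"}:
        raise ValueError(f"unsupported regex entry: {entry!r}")
    return re.compile(m.group(1), re.IGNORECASE if "i" in m.group(2) else 0)

def ip_lookup(address, dictionary):
    """Double column: category of the first entry containing address, else None."""
    addr = ipaddress.ip_address(address)
    for entry, category in dictionary:
        # ip_network() parses a bare host (/32), CIDR and dotted-netmask forms,
        # and raises ValueError if an entry has host bits set.
        if addr in ipaddress.ip_network(entry):
            return category
    return None

def regex_lookup(text, dictionary):
    """Double column: category of the first pattern found in text, else None."""
    for entry, category in dictionary:
        if compile_entry(entry).search(text):
            return category
    return None

def exists(lookup, value, dictionary):
    """Single column: true or false, ignoring any category."""
    return lookup(value, dictionary) is not None
```

The patterns are not anchored to word boundaries, so `fund` also matches inside `refund`; account for that when tuning a rule for false positives.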