ADM dictionary examples

The ADM engine can match object content, or any other metric or property, against a single column dictionary. The result is true or false: the value either exists in the dictionary or does not.

Table 1: Single column dictionary examples

Type of dictionary: String dictionary with common spam words
Example:
    "Cialis"
    "cialis"
    "Viagra"
    "viagra"
    "adult web"
    "Adult web"
    "act now! don't hesitate!"

Type of dictionary: Regular expression dictionary for authorization key words
Example:
    /(password|passwd|pwd)[^a-z0-9]{1,3}(admin|login|password|user)/i
    /(customer|client)[^a-z0-9]{1,3}account[^a-z0-9]{1,3}number/i
    /fund[^a-z0-9]{1,3}transaction/i
    /fund[^a-z0-9]{1,3}transfer[^a-z0-9]{1,3}[0-9,.]+/i

Type of dictionary: String dictionary containing hash values for known bad executables
Example:
    "fec72ceae15b6f60cbf269f99b9888e9"
    "fed472c13c1db095c4cb0fc54ed28485"
    "feddedb607468465f9428a59eb5ee22a"
    "ff3cb87742f9b56dfdb9a49b31c1743c"
    "ff45e471aa68c9e2b6d62a82bbb6a82a"
    "ff669082faf0b5b976cec8027833791c"
    "ff7025e261bd09250346bc9efdfc6c7c"

Type of dictionary: IP addresses of critical assets
Example:
    192.168.1.12
    192.168.2.0/24
    192.168.3.0/255.255.255.0
    192.168.4.32/27
    192.168.5.144/255.255.255.240

Table 2: Double column dictionary examples

Type of dictionary: String dictionary with common spam words and categories
Example:
    "Cialis"  "pharmaceutical"
    "cialis"  "pharmaceutical"
    "Viagra"  "pharmaceutical"
    "viagra"  "pharmaceutical"
    "adult web"  "adult"
    "Adult web"  "adult"
    "act now! don't hesitate!"  "scam"

Type of dictionary: Regular expression dictionary for authorization key words and categories
Example:
    /(password|passwd|pwd)[^a-z0-9]{1,3}(admin|login|password|user)/i  "credentials"
    /(customer|client)[^a-z0-9]{1,3}account[^a-z0-9]{1,3}number/i  "pii"
    /fund[^a-z0-9]{1,3}transaction/i  "sox"
    /fund[^a-z0-9]{1,3}transfer[^a-z0-9]{1,3}[0-9,.]+/i  "sox"

Type of dictionary: String dictionary containing hash values for known bad executables and categories
Example:
    "fec72ceae15b6f60cbf269f99b9888e9"  "Trojan"
    "fed472c13c1db095c4cb0fc54ed28485"  "Malware"
    "feddedb607468465f9428a59eb5ee22a"  "Virus"
    "ff3cb87742f9b56dfdb9a49b31c1743c"  "Malware"
    "ff45e471aa68c9e2b6d62a82bbb6a82a"  "Adware"
    "ff669082faf0b5b976cec8027833791c"  "Trojan"
    "ff7025e261bd09250346bc9efdfc6c7c"  "Virus"

Type of dictionary: IP addresses of critical assets & groups
Example:
    192.168.1.12  "Critical Assets"
    192.168.2.0/24  "LAN"
    192.168.3.0/255.255.255.0  "LAN"
    192.168.4.32/27  "DMZ"
    192.168.5.144/255.255.255.240  "Critical Assets"
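
The lookups the two tables describe, as an added Python example (not the ADM engine's own code): a single column dictionary answers true or false, and a double column dictionary returns the category of each matching key, for the regular expression and IP address entry formats shown above. The function names, the `kind` argument and the exact, case-sensitive comparison for string entries are assumptions made for this example.

```python
import ipaddress
import re

def matcher(kind, key):
    """Build a predicate for one dictionary key of the given type."""
    if kind == "regex":                      # written as /pattern/flags
        m = re.fullmatch(r"/(.*)/([a-z]*)", key, re.S)
        if not m:
            raise ValueError(f"not a /pattern/flags entry: {key!r}")
        rx = re.compile(m.group(1), re.I if "i" in m.group(2) else 0)
        return lambda v: rx.search(v) is not None
    if kind == "ip":                         # host, CIDR or address/netmask
        net = ipaddress.ip_network(key)      # raises if host bits are set
        def in_net(v):
            try:
                return ipaddress.ip_address(v) in net
            except ValueError:               # value is not an IP address
                return False
        return in_net
    if kind == "string":
        return lambda v: v == key            # assumption: exact, case-sensitive
    raise ValueError(f"unknown dictionary type: {kind}")

def exists(kind, keys, value):
    """Single column dictionary: is the value in the dictionary?"""
    return any(matcher(kind, k)(value) for k in keys)

def categories(kind, rows, value):
    """Double column dictionary: second column of every matching key."""
    found = []
    for key, category in rows:
        if matcher(kind, key)(value) and category not in found:
            found.append(category)
    return found

# Entries copied from Table 2 of this page.
AUTH_WORDS = [
    (r"/(password|passwd|pwd)[^a-z0-9]{1,3}(admin|login|password|user)/i", "credentials"),
    (r"/(customer|client)[^a-z0-9]{1,3}account[^a-z0-9]{1,3}number/i", "pii"),
    (r"/fund[^a-z0-9]{1,3}transaction/i", "sox"),
    (r"/fund[^a-z0-9]{1,3}transfer[^a-z0-9]{1,3}[0-9,.]+/i", "sox"),
]
ASSETS = [
    ("192.168.1.12", "Critical Assets"), ("192.168.2.0/24", "LAN"),
    ("192.168.3.0/255.255.255.0", "LAN"), ("192.168.4.32/27", "DMZ"),
    ("192.168.5.144/255.255.255.240", "Critical Assets"),
]

if __name__ == "__main__":
    print(categories("ip", ASSETS, "192.168.5.150"))
    print(categories("regex", AUTH_WORDS, "Fund transfer: 1,500.00"))
```

The dotted-netmask entries resolve to the same ranges as their CIDR equivalents, so 192.168.5.144/255.255.255.240 covers 192.168.5.144 through 192.168.5.159.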