cynguk

## Decoder
<decoder name="comodoparent">
  <prematch>CEF:0\|comodo</prematch>
</decoder>

<decoder name="comodomalwaredetection">
  <parent>comodoparent</parent>
  <use_own_name>true</use_own_name>
  <prematch>Malware Detected\|10</prematch>
  <regex type="pcre2">CEF:0\|comodo\|cis\.ccs\|[^\|]+\|[^\|]+\|Malware Detected\|[^\|]+\|filePath=([^\s]+) fname=[^\s]+ act=([^\s]+) reason=[^\s]+ cat=[^\s]+ cs1Label=[^\s]+ cs1=[^\s]+ cs2Label=[^\s]+ cs2=[^\s]+ cs4Label=[^\s]+ cs4=[^\s]+ suser=[^\s]+ spriv=[^\s]+ deviceNtDomain=[^\s]+ ssid=[^\s]+ fileHash=([^\s]+) dvchost=([^\s]+) dvc=[^\s]+ deviceExternalId=[^\s]+</regex>
  <order>filePath, act, filehash, dvchost</order>

## o365bruteforce
import re
import pyperclip
import requests
from bs4 import BeautifulSoup

API_KEY = "redacted"

def analyse_log(log):
    log_data = {}
	<decoder name="comodoparent">
	<prematch>CEF:0\\|comodo</prematch>
	</decoder>

	<decoder name="comodomalwaredetection">
	<parent>comodoparent</parent>
	<use_own_name>true</use_own_name>
	<prematch>Malware Detected\\|10</prematch>
	<regex type="pcre2">CEF:0\\|comodo\\|cis\.ccs\\|[^\\|]+\\|[^\\|]+\\|Malware Detected\\|[^\\|]+\\|filePath=([^\s]+) fname=[^\s]+ act=([^\s]+) reason=[^\s]+ cat=[^\s]+ cs1Label=[^\s]+ cs1=[^\s]+ cs2Label=[^\s]+ cs2=[^\s]+ cs4Label=[^\s]+ cs4=[^\s]+ suser=[^\s]+ spriv=[^\s]+ deviceNtDomain=[^\s]+ ssid=[^\s]+ fileHash=([^\s]+) dvchost=([^\s]+) dvc=[^\s]+ deviceExternalId=[^\s]+</regex>
	<order>filePath, act, filehash, dvchost</order>
	import re
	import pyperclip
	import requests
	from bs4 import BeautifulSoup

	API_KEY = "redacted"

	def analyse_log(log):
	log_data = {}