Merge pull request logrhythm#78 from kjell-hedstrom/Qosmos_v1.2.0

Qosmos v1.2.0

protofiles/Applications.proto

@@ -1614,4 +1614,17 @@ optional string chatroulette = 1612 [default = "Chatroulette is an online chat w
 optional string cryptoheaven = 1613 [default = "Secure email and online file storage service."];
 optional string mendeley = 1614 [default = "Sharing and annotating document web service. ( http://www.mendeley.com )"];
 optional string pichat = 1615 [default = "Online Chat Application ( pichat.net )."];
+optional string blackberry_update = 1616 [default = "This protocol classifies the Blackberry 10 family OS software updates."];
+optional string itv_player = 1617 [default = "Proprietary iOS application and website for VOD content (TV catch up) and live channels streaming."];
+optional string mypeople_messenger = 1618 [default = "MyPeople Messenger is a cross-platform application providing free text picture and video messaging."];
+optional string line_games = 1619 [default = "This protocol plug-in classifies the http traffic to the host linegame.com the portal of various Line games."];
+optional string chat_on = 1620 [default = "chatON is a global mobile communication service introduced by Samsung Electronics."];
+optional string line_wind_runner = 1621 [default = "Line Wind Runner is a popular asian mobile device game accessible from the Line application."];
+optional string touch = 1622 [default = "Touch is a cross-platform application providing free text picture and video messaging."];
+optional string websocket = 1623 [default = "The WebSocket Protocol as described in IETF RFC6455."];
+optional string magumagu = 1624 [default = "2013 for Kakao (aka Magu-Magu) is Korean baseball game developped by CJ E&M corp."];
+optional string lync = 1625 [default = "Microsoft Lync IM VoIP and desktop sharing services (corporate and on-line services)."];
+optional string high_entropy = 1626 [default = "High Entropy is a virtual protocol used to detect potentially encrypted payloads. Important note: the classification of this layer is effective since the 4.18.0 version of the ixEngine framework. The classification is based on two methods: entropy value computation and printable strings detection."];
+optional string saavn_music = 1627 [default = "Saavn is a streaming application providing free Indian and Bollywood music to listeners."];
+optional string maaii = 1628 [default = "Maaii is a cross-platform messaging application which allows iPhone and Android users to send and receive text messages and phone calls for free."];
 }

protofiles/DpiMsgLRproto.proto

@@ -1937,8 +1937,6 @@ repeated bytes user_idQ_PROTO_SIP = 2218; // QOSMOS:Q_PROTO_SIP,Q_SIP_USER_ID
 repeated bytes loginQ_PROTO_SKYBLOG = 2219; // QOSMOS:Q_PROTO_SKYBLOG,Q_MPA_LOGIN
 repeated bytes passwordQ_PROTO_SKYBLOG = 2220; // QOSMOS:Q_PROTO_SKYBLOG,Q_MPA_PASSWORD
 repeated bytes versionQ_PROTO_SKYPE = 2221; // QOSMOS:Q_PROTO_SKYPE,Q_MPA_VERSION
-repeated bytes service_typeQ_PROTO_SKYPE = 2222; // QOSMOS:Q_PROTO_SKYPE,Q_SKYPE_SERVICE_TYPE
-optional uint32 service_divergenceQ_PROTO_SKYPE = 2223; // QOSMOS:Q_PROTO_SKYPE,Q_SKYPE_SERVICE_DIVERGENCE
 repeated bytes nearest_serviceQ_PROTO_SKYPE = 2224; // QOSMOS:Q_PROTO_SKYPE,Q_SKYPE_NEAREST_SERVICE
 repeated bytes queryQ_PROTO_SLSK = 2225; // QOSMOS:Q_PROTO_SLSK,Q_MPA_QUERY
 optional uint32 versionQ_PROTO_SLSK = 2226; // QOSMOS:Q_PROTO_SLSK,Q_MPA_VERSION
@@ -2576,7 +2574,6 @@ repeated bytes versionQ_PROTO_H225 = 2858; // QOSMOS:Q_PROTO_H225,Q_MPA_VERSION
 repeated bytes ntlm_domainQ_PROTO_HTTP = 2859; // QOSMOS:Q_PROTO_HTTP,Q_MPA_NTLM_DOMAIN
 repeated bytes ntlm_userQ_PROTO_HTTP = 2860; // QOSMOS:Q_PROTO_HTTP,Q_MPA_NTLM_USER
 repeated bytes ntlm_workstationQ_PROTO_HTTP = 2861; // QOSMOS:Q_PROTO_HTTP,Q_MPA_NTLM_WORKSTATION
-repeated bytes x_client_ipQ_PROTO_ICAP = 2862; // QOSMOS:Q_PROTO_ICAP,Q_ICAP_X_CLIENT_IP
 repeated bytes user_agentQ_PROTO_LINE = 2863; // QOSMOS:Q_PROTO_LINE,Q_MPA_USER_AGENT
 optional uint32 service_idQ_PROTO_MPLUS_MESSENGER = 2864; // QOSMOS:Q_PROTO_MPLUS_MESSENGER,Q_MPA_SERVICE_ID
 repeated bytes serviceQ_PROTO_MPLUS_MESSENGER = 2865; // QOSMOS:Q_PROTO_MPLUS_MESSENGER,Q_MPA_SERVICE
@@ -2608,4 +2605,30 @@ optional uint32 mos_satelliteQ_PROTO_RTP = 2890; // QOSMOS:Q_PROTO_RTP,Q_RTP_MOS
 optional uint32 caller_user_phoneQ_PROTO_SIP = 2891; // QOSMOS:Q_PROTO_SIP,Q_SIP_CALLER_USER_PHONE
 optional uint32 callee_user_phoneQ_PROTO_SIP = 2892; // QOSMOS:Q_PROTO_SIP,Q_SIP_CALLEE_USER_PHONE
 optional uint32 call_durationQ_PROTO_TANGO = 2893; // QOSMOS:Q_PROTO_TANGO,Q_MPA_CALL_DURATION
+optional uint32 entropyQ_PROTO_HIGH_ENTROPY = 2894; // QOSMOS:Q_PROTO_HIGH_ENTROPY,Q_HIGH_ENTROPY_ENTROPY
+repeated bytes upgrade_headerQ_PROTO_HTTP = 2895; // QOSMOS:Q_PROTO_HTTP,Q_HTTP_UPGRADE_HEADER
+repeated bytes uri_decodedQ_PROTO_HTTP = 2896; // QOSMOS:Q_PROTO_HTTP,Q_HTTP_URI_DECODED
+repeated bytes uri_get_decodedQ_PROTO_HTTP = 2897; // QOSMOS:Q_PROTO_HTTP,Q_HTTP_URI_GET_DECODED
+repeated bytes uri_post_decodedQ_PROTO_HTTP = 2898; // QOSMOS:Q_PROTO_HTTP,Q_HTTP_URI_POST_DECODED
+repeated bytes uri_path_decodedQ_PROTO_HTTP = 2899; // QOSMOS:Q_PROTO_HTTP,Q_HTTP_URI_PATH_DECODED
+repeated bytes post_variable_decodedQ_PROTO_HTTP = 2900; // QOSMOS:Q_PROTO_HTTP,Q_HTTP_POST_VARIABLE_DECODED
+repeated bytes x_client_ip_respmod_reqQ_PROTO_ICAP = 2901; // QOSMOS:Q_PROTO_ICAP,Q_ICAP_X_CLIENT_IP_RESPMOD_REQ
+repeated bytes referer_respmod_reqQ_PROTO_ICAP = 2902; // QOSMOS:Q_PROTO_ICAP,Q_ICAP_REFERER_RESPMOD_REQ
+repeated bytes content_type_respmod_reqQ_PROTO_ICAP = 2903; // QOSMOS:Q_PROTO_ICAP,Q_ICAP_CONTENT_TYPE_RESPMOD_REQ
+repeated bytes user_agent_respmod_reqQ_PROTO_ICAP = 2904; // QOSMOS:Q_PROTO_ICAP,Q_ICAP_USER_AGENT_RESPMOD_REQ
+repeated bytes host_respmod_reqQ_PROTO_ICAP = 2905; // QOSMOS:Q_PROTO_ICAP,Q_ICAP_HOST_RESPMOD_REQ
+repeated bytes uri_respmod_reqQ_PROTO_ICAP = 2906; // QOSMOS:Q_PROTO_ICAP,Q_ICAP_URI_RESPMOD_REQ
+repeated bytes method_respmod_reqQ_PROTO_ICAP = 2907; // QOSMOS:Q_PROTO_ICAP,Q_ICAP_METHOD_RESPMOD_REQ
+optional uint32 code_respmod_reqQ_PROTO_ICAP = 2908; // QOSMOS:Q_PROTO_ICAP,Q_ICAP_CODE_RESPMOD_REQ
+repeated bytes callerQ_PROTO_LINE = 2909; // QOSMOS:Q_PROTO_LINE,Q_MPA_CALLER
+optional string call_durationQ_PROTO_QQ = 2910; // QOSMOS:Q_PROTO_QQ,Q_MPA_CALL_DURATION,timeval,timevalToString
+repeated bytes serviceQ_PROTO_SKYPE = 2911; // QOSMOS:Q_PROTO_SKYPE,Q_SKYPE_SERVICE
+optional uint32 service_idQ_PROTO_SKYPE = 2912; // QOSMOS:Q_PROTO_SKYPE,Q_MPA_SERVICE_ID
+repeated bytes serviceQ_PROTO_TANGO = 2913; // QOSMOS:Q_PROTO_TANGO,Q_MPA_SERVICE
+repeated bytes serviceQ_PROTO_VIBER = 2914; // QOSMOS:Q_PROTO_VIBER,Q_MPA_SERVICE
+optional uint32 service_idQ_PROTO_VIBER = 2915; // QOSMOS:Q_PROTO_VIBER,Q_MPA_SERVICE_ID
+optional uint32 service_idQ_PROTO_WECHAT = 2916; // QOSMOS:Q_PROTO_WECHAT,Q_MPA_SERVICE_ID
+repeated bytes serviceQ_PROTO_WECHAT = 2917; // QOSMOS:Q_PROTO_WECHAT,Q_MPA_SERVICE
+optional uint32 service_idQ_PROTO_WHATSAPP = 2918; // QOSMOS:Q_PROTO_WHATSAPP,Q_MPA_SERVICE_ID
+repeated bytes serviceQ_PROTO_WHATSAPP = 2919; // QOSMOS:Q_PROTO_WHATSAPP,Q_MPA_SERVICE
 }

resources/Applications.csv

@@ -1607,3 +1607,16 @@ chatroulette,1612,"Chatroulette is an online chat website. ( http://chatroulette
 cryptoheaven,1613,"Secure email and online file storage service."
 mendeley,1614,"Sharing and annotating document web service. ( http://www.mendeley.com )"
 pichat,1615,"Online Chat Application ( pichat.net )."
+blackberry_update,1616,"This protocol classifies the Blackberry 10 family OS software updates."
+itv_player,1617,"Proprietary iOS application and website for VOD content (TV catch up) and live channels streaming."
+mypeople_messenger,1618,"MyPeople Messenger is a cross-platform application providing free text picture and video messaging."
+line_games,1619,"This protocol plug-in classifies the http traffic to the host linegame.com the portal of various Line games."
+chat_on,1620,"chatON is a global mobile communication service introduced by Samsung Electronics."
+line_wind_runner,1621,"Line Wind Runner is a popular asian mobile device game accessible from the Line application."
+touch,1622,"Touch is a cross-platform application providing free text picture and video messaging."
+websocket,1623,"The WebSocket Protocol as described in IETF RFC6455."
+magumagu,1624,"2013 for Kakao (aka Magu-Magu) is Korean baseball game developped by CJ E&M corp."
+lync,1625,"Microsoft Lync IM VoIP and desktop sharing services (corporate and on-line services)."
+high_entropy,1626,"High Entropy is a virtual protocol used to detect potentially encrypted payloads. Important note: the classification of this layer is effective since the 4.18.0 version of the ixEngine framework. The classification is based on two methods: entropy value computation and printable strings detection."
+saavn_music,1627,"Saavn is a streaming application providing free Indian and Bollywood music to listeners."
+maaii,1628,"Maaii is a cross-platform messaging application which allows iPhone and Android users to send and receive text messages and phone calls for free."