Has anyone written a Custom App-ID to identify XP OS, and more specifically browser-based access? I would like to identify any XP, but realize I may only be able to see it via browser headers.
This should be workable. The "User-Agent" header, which is part of an HTTP stream, would contain this data. Looks like XP will show as the following: 'Windows XP' => '(Windows NT 5.1)|(Windows XP)',
A little testing with Wireshark and some web searches should get you on your way. If you need additional help with your custom signature, please reference our DevCenter via the link below.
As said before, the User-Agent in the HTTP header is the only practical way to identify XP. Be aware that the User-Agent may be faked.
By the way:
Maybe it is better to use Custom Vulnerability instead of Custom App.
This way you can identify the "Threat" XP ;-)
If you use Custom App you will overwrite the whole App-Engine, which means all HTTP traffic will be identified as XP instead of Facebook, Google, YouTube ...
Custom App and Custom Vulnerability work the same way when you define your own signatures.
There is already a sample in the Dev Forum.
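
As an added example (not part of the thread and not Palo Alto Networks code), the Python sketch below applies the pattern quoted above to the User-Agent header only, so that "Windows XP" appearing in a URL or request body does not trigger a match. The function names, the sample requests and the `example.test` host are constructed for illustration.

```python
import re

# Pattern from the thread, with the dot escaped so "5.1" is matched literally.
XP_PATTERN = re.compile(r"(Windows NT 5\.1)|(Windows XP)")

def user_agent(raw_request: bytes):
    """Return the User-Agent value of a raw HTTP/1.x request, or None."""
    head = raw_request.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    for line in head.split("\r\n")[1:]:          # skip the request line
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "user-agent":  # names are case-insensitive
            return value.strip()
    return None

def is_xp_client(raw_request: bytes) -> bool:
    """True only when the User-Agent header itself claims Windows XP."""
    ua = user_agent(raw_request)
    return bool(ua and XP_PATTERN.search(ua))

# Constructed sample requests (not captured traffic).
SAMPLES = {
    "ie8_on_xp": b"GET / HTTP/1.1\r\nHost: example.test\r\n"
                 b"User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; "
                 b"Windows NT 5.1; Trident/4.0)\r\n\r\n",
    "lowercase_header": b"GET / HTTP/1.1\r\nhost: example.test\r\n"
                        b"user-agent: ExampleClient/1.0 (Windows XP)\r\n\r\n",
    "win10": b"GET / HTTP/1.1\r\nHost: example.test\r\n"
             b"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64)\r\n\r\n",
    # "Windows XP" appears in the body, but the client reports NT 6.1.
    "xp_in_body_only": b"POST /search HTTP/1.1\r\nHost: example.test\r\n"
                       b"User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:52.0)\r\n"
                       b"Content-Length: 12\r\n\r\nq=Windows XP",
    "no_user_agent": b"GET / HTTP/1.0\r\n\r\n",
}

def flagged(samples=SAMPLES):
    """Names of the sample requests whose User-Agent matches the XP pattern."""
    return sorted(name for name, raw in samples.items() if is_xp_client(raw))

if __name__ == "__main__":
    print(flagged())
```
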