Initial commit

LICENSE

@@ -1,4 +1,4 @@
-                                 Apache License
+Apache License
                            Version 2.0, January 2004
                         http://www.apache.org/licenses/
 
@@ -199,3 +199,5 @@
    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    See the License for the specific language governing permissions and
    limitations under the License.
+
+

M2LPlugin/README.md

@@ -0,0 +1,10 @@
+Testing:
+
+#1
+mvn clean install
+
+#2
+./test.sh examples/example_mspl_log_0.xml bro_json_config.json
+
+- This will validate the given M2L with schema/MSPL_XML_Schema.xsd and then convert the M2L into bro JSON config.
+

M2LPlugin/examples/example.json

@@ -0,0 +1,37 @@
+{
+    "rules": [
+      { "id": "rule1",
+        "event": "EVENT_CONNECTION",
+        "operation": "count.bro",
+        "parameters": [
+            { "type": "object",
+              "value": "OBJ_CONNECTION"
+            }
+        ],
+        "action": "log",
+        "conditions": [
+           { "type":  "interval",
+             "value": 30 },
+           { "type": "threshold",
+             "value": 50 },
+           { "type": "source",
+             "value": { "address": "123.45.67.89" }
+           }
+        ]
+      },
+      { "id": "rule2",
+        "event": "EVENT_FILE",
+        "operation": "detect-MHR.bro",
+        "parameters": [ ],
+        "action": "log",
+        "conditions": [
+           { "type": "mime-type",
+             "value": "application/pdf"
+           },
+           { "type": "mime-type",
+              "value": "application/x-dosexec"
+           }
+        ]
+      }
+    ]
+}

M2LPlugin/examples/example_mspl_log_0.base64

@@ -0,0 +1 @@
+PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiIHN0YW5kYWxvbmU9InllcyI/Pgo8SVRSZXNvdXJjZSB4bWxucz0iaHR0cDovL21vZGVsaW9zb2Z0L3hzZGRlc2lnbmVyL2EyMmJkNjBiLWVlM2QtNDI1Yy04NjE4LWJlYjZhODU0MDUxYS9JVFJlc291cmNlLnhzZCIgSUQ9Ik1TUExfMDI1MzU2M2UtYzM3Ni00NzdiLWI2MjctYjMzNTc0ODg0NDkxIj4KICA8Y29uZmlndXJhdGlvbiB4bWxuczp4c2k9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hLWluc3RhbmNlIgogICAgICAgICAgICAgICAgIHhzaTp0eXBlPSJSdWxlU2V0Q29uZmlndXJhdGlvbiI+CiAgICA8Y2FwYWJpbGl0eT4KICAgICAgPE5hbWU+TG9nZ2luZzwvTmFtZT4KICAgIDwvY2FwYWJpbGl0eT4KICAgIDxkZWZhdWx0QWN0aW9uIHhzaTp0eXBlPSJMb2dnaW5nQWN0aW9uIj4KICAgICAgPGxvZ2dpbmdBY3Rpb25UeXBlPmxvZ19jb25uZWN0aW9uPC9sb2dnaW5nQWN0aW9uVHlwZT4KICAgIDwvZGVmYXVsdEFjdGlvbj4KICAgIDxjb25maWd1cmF0aW9uUnVsZT4KICAgICAgPGNvbmZpZ3VyYXRpb25SdWxlQWN0aW9uIHhzaTp0eXBlPSJMb2dnaW5nQWN0aW9uIj4KICAgICAgICA8bG9nZ2luZ0FjdGlvblR5cGU+bG9nX2Nvbm5lY3Rpb248L2xvZ2dpbmdBY3Rpb25UeXBlPgogICAgICA8L2NvbmZpZ3VyYXRpb25SdWxlQWN0aW9uPgogICAgICA8Y29uZmlndXJhdGlvbkNvbmRpdGlvbiB4c2k6dHlwZT0iTG9nZ2luZ0NvbmRpdGlvbiI+CiAgICAgICAgPGlzQ05GPmZhbHNlPC9pc0NORj4KICAgICAgICA8ZXZlbnRDb25kaXRpb24+CiAgICAgICAgICA8ZXZlbnRzPkVWRU5UX0NPTk5FQ1RJT048L2V2ZW50cz4KICAgICAgICAgIDxpbnRlcnZhbD4zMDwvaW50ZXJ2YWw+CiAgICAgICAgICA8dGhyZXNob2xkPjUwPC90aHJlc2hvbGQ+CiAgICAgICAgPC9ldmVudENvbmRpdGlvbj4KICAgICAgICA8cGFja2V0Q29uZGl0aW9uPgogICAgICAgICAgPFNvdXJjZUFkZHJlc3M+MTIzLjQ1LjY3Ljg5LDEyMy40NS42Ny45MCwxMjMuNDUuNjcuOTEsPC9Tb3VyY2VBZGRyZXNzPgogICAgICAgIDwvcGFja2V0Q29uZGl0aW9uPgogICAgICA8L2NvbmZpZ3VyYXRpb25Db25kaXRpb24+CiAgICAgIDxleHRlcm5hbERhdGEgeHNpOnR5cGU9IlByaW9yaXR5Ij4KICAgICAgICA8dmFsdWU+MDwvdmFsdWU+CiAgICAgIDwvZXh0ZXJuYWxEYXRhPgogICAgICA8TmFtZT5SdWxlMDwvTmFtZT4KICAgICAgPGlzQ05GPmZhbHNlPC9pc0NORj4KICAgICAgPEhTUEwgSFNQTF9pZD0iSFNQTDNfU29uX0lTUCIgSFNQTF90ZXh0PSJzb24gZW5hYmxlIGxvZ2dpbmcgY291bnRfY29ubmVjdGlvbiwgIHZ0dF9hZGRyZXNzLCAgIi8+CiAgICA8L2NvbmZpZ3VyYXRpb25SdWxlPgogICAgPHJlc29sdXRpb25TdHJhdGVneSB4c2k6dHlwZT0iRk1SIi8+CiAgICA8TmFtZT5NU1BMXzAyNTM1NjNlLWMzNzYtNDc3Yi1iNjI3LWIzMzU3NDg4NDQ5MTwvTmFtZT4KICA8L2NvbmZpZ3VyYXRpb24+CjwvSVRSZXNvdXJjZT4K

M2LPlugin/examples/example_mspl_log_0.json

@@ -0,0 +1 @@
+{"rules":[{"id":"Rule0","operation":"count","event":"EVENT_CONNECTION","action":"log","parameters":[{"type":"object","value":"OBJ_CONNECTION"}],"conditions":[{"type":"interval","value":30},{"type":"threshold","value":50},{"type":"source","value":{"address":"123.45.67.89"}},{"type":"source","value":{"address":"123.45.67.90"}},{"type":"source","value":{"address":"123.45.67.91"}}]}]}

M2LPlugin/examples/example_mspl_log_0.xml

@@ -0,0 +1,36 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<ITResource xmlns="http://modeliosoft/xsddesigner/a22bd60b-ee3d-425c-8618-beb6a854051a/ITResource.xsd" ID="MSPL_0253563e-c376-477b-b627-b33574884491">
+  <configuration xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+                 xsi:type="RuleSetConfiguration">
+    <capability>
+      <Name>Logging</Name>
+    </capability>
+    <defaultAction xsi:type="LoggingAction">
+      <loggingActionType>log_connection</loggingActionType>
+    </defaultAction>
+    <configurationRule>
+      <configurationRuleAction xsi:type="LoggingAction">
+        <loggingActionType>log_connection</loggingActionType>
+      </configurationRuleAction>
+      <configurationCondition xsi:type="LoggingCondition">
+        <isCNF>false</isCNF>
+        <eventCondition>
+          <events>EVENT_CONNECTION</events>
+          <interval>30</interval>
+          <threshold>50</threshold>
+        </eventCondition>
+        <packetCondition>
+          <SourceAddress>123.45.67.89,123.45.67.90,123.45.67.91,</SourceAddress>
+        </packetCondition>
+      </configurationCondition>
+      <externalData xsi:type="Priority">
+        <value>0</value>
+      </externalData>
+      <Name>Rule0</Name>
+      <isCNF>false</isCNF>
+      <HSPL HSPL_id="HSPL3_Son_ISP" HSPL_text="son enable logging count_connection,  vtt_address,  "/>
+    </configurationRule>
+    <resolutionStrategy xsi:type="FMR"/>
+    <Name>MSPL_0253563e-c376-477b-b627-b33574884491</Name>
+  </configuration>
+</ITResource>

M2LPlugin/examples/example_mspl_log_2.base64

@@ -0,0 +1,30 @@
+PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiIHN0YW5kYWxvbmU9InllcyI/Pgo8
+SVRSZXNvdXJjZSB4bWxucz0iaHR0cDovL21vZGVsaW9zb2Z0L3hzZGRlc2lnbmVyL2EyMmJkNjBi
+LWVlM2QtNDI1Yy04NjE4LWJlYjZhODU0MDUxYS9JVFJlc291cmNlLnhzZCIgSUQ9Ik1TUExfOTE5
+MGNiM2ItYzA2Yi00NmFkLWEzNmMtYTkzZDA5NzJjMjYzIj4KICAgIDxjb25maWd1cmF0aW9uIHht
+bG5zOnhzaT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS9YTUxTY2hlbWEtaW5zdGFuY2UiIHhzaTp0
+eXBlPSJSdWxlU2V0Q29uZmlndXJhdGlvbiI+CiAgICAgICAgPGNhcGFiaWxpdHk+CiAgICAgICAg
+ICAgIDxOYW1lPkxvZ2dpbmc8L05hbWU+CiAgICAgICAgPC9jYXBhYmlsaXR5PgogICAgICAgIDxk
+ZWZhdWx0QWN0aW9uIHhzaTp0eXBlPSJMb2dnaW5nQWN0aW9uIj4KICAgICAgICAgICAgPGxvZ2dp
+bmdBY3Rpb25UeXBlPmxvZ19jb25uZWN0aW9uPC9sb2dnaW5nQWN0aW9uVHlwZT4KICAgICAgICA8
+L2RlZmF1bHRBY3Rpb24+CiAgICAgICAgPGNvbmZpZ3VyYXRpb25SdWxlPgogICAgICAgICAgICA8
+Y29uZmlndXJhdGlvblJ1bGVBY3Rpb24geHNpOnR5cGU9IkxvZ2dpbmdBY3Rpb24iPgogICAgICAg
+ICAgICAgICAgPGxvZ2dpbmdBY3Rpb25UeXBlPmxvZ19jb25uZWN0aW9uPC9sb2dnaW5nQWN0aW9u
+VHlwZT4KICAgICAgICAgICAgPC9jb25maWd1cmF0aW9uUnVsZUFjdGlvbj4KICAgICAgICAgICAg
+PGNvbmZpZ3VyYXRpb25Db25kaXRpb24geHNpOnR5cGU9IkxvZ2dpbmdDb25kaXRpb24iPgogICAg
+ICAgICAgICAgICAgPGlzQ05GPmZhbHNlPC9pc0NORj4KICAgICAgICAgICAgICAgIDxldmVudENv
+bmRpdGlvbj4KICAgICAgICAgICAgICAgICAgICA8ZXZlbnRzPkVWRU5UX0NPTk5FQ1RJT048L2V2
+ZW50cz4KICAgICAgICAgICAgICAgICAgICA8aW50ZXJ2YWw+MzA8L2ludGVydmFsPgogICAgICAg
+ICAgICAgICAgICAgIDx0aHJlc2hvbGQ+NTA8L3RocmVzaG9sZD4KICAgICAgICAgICAgICAgIDwv
+ZXZlbnRDb25kaXRpb24+CiAgICAgICAgICAgICAgICA8cGFja2V0Q29uZGl0aW9uPgogICAgICAg
+ICAgICAgICAgICAgIDxTb3VyY2VBZGRyZXNzPjEyMy40NS42Ny44OSwxMjMuNDUuNjcuOTAsMTIz
+LjQ1LjY3LjkxLDwvU291cmNlQWRkcmVzcz4KICAgICAgICAgICAgICAgIDwvcGFja2V0Q29uZGl0
+aW9uPgogICAgICAgICAgICA8L2NvbmZpZ3VyYXRpb25Db25kaXRpb24+CiAgICAgICAgICAgIDxl
+eHRlcm5hbERhdGEgeHNpOnR5cGU9IlByaW9yaXR5Ij4KICAgICAgICAgICAgICAgIDx2YWx1ZT4w
+PC92YWx1ZT4KICAgICAgICAgICAgPC9leHRlcm5hbERhdGE+CiAgICAgICAgICAgIDxOYW1lPlJ1
+bGUwPC9OYW1lPgogICAgICAgICAgICA8aXNDTkY+ZmFsc2U8L2lzQ05GPgogICAgICAgICAgICA8
+SFNQTCBIU1BMX2lkPSJIU1BMM19Tb25fSVNQIiBIU1BMX3RleHQ9InNvbiBlbmFibGUgbG9nZ2lu
+ZyBjb3VudF9jb25uZWN0aW9uLCAgdnR0X2FkZHJlc3MsICAiLz4KICAgICAgICA8L2NvbmZpZ3Vy
+YXRpb25SdWxlPgogICAgICAgIDxyZXNvbHV0aW9uU3RyYXRlZ3kgeHNpOnR5cGU9IkZNUiIvPgog
+ICAgICAgIDxOYW1lPk1TUExfOTE5MGNiM2ItYzA2Yi00NmFkLWEzNmMtYTkzZDA5NzJjMjYzPC9O
+YW1lPgogICAgPC9jb25maWd1cmF0aW9uPgo8L0lUUmVzb3VyY2U+Cg==

M2LPlugin/examples/example_mspl_log_2.xml

@@ -0,0 +1,35 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<ITResource xmlns="http://modeliosoft/xsddesigner/a22bd60b-ee3d-425c-8618-beb6a854051a/ITResource.xsd" ID="MSPL_9190cb3b-c06b-46ad-a36c-a93d0972c263">
+    <configuration xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="RuleSetConfiguration">
+        <capability>
+            <Name>Logging</Name>
+        </capability>
+        <defaultAction xsi:type="LoggingAction">
+            <loggingActionType>log_connection</loggingActionType>
+        </defaultAction>
+        <configurationRule>
+            <configurationRuleAction xsi:type="LoggingAction">
+                <loggingActionType>log_connection</loggingActionType>
+            </configurationRuleAction>
+            <configurationCondition xsi:type="LoggingCondition">
+                <isCNF>false</isCNF>
+                <eventCondition>
+                    <events>EVENT_CONNECTION</events>
+                    <interval>30</interval>
+                    <threshold>50</threshold>
+                </eventCondition>
+                <packetCondition>
+                    <SourceAddress>123.45.67.89,123.45.67.90,123.45.67.91,</SourceAddress>
+                </packetCondition>
+            </configurationCondition>
+            <externalData xsi:type="Priority">
+                <value>0</value>
+            </externalData>
+            <Name>Rule0</Name>
+            <isCNF>false</isCNF>
+            <HSPL HSPL_id="HSPL3_Son_ISP" HSPL_text="son enable logging count_connection,  vtt_address,  "/>
+        </configurationRule>
+        <resolutionStrategy xsi:type="FMR"/>
+        <Name>MSPL_9190cb3b-c06b-46ad-a36c-a93d0972c263</Name>
+    </configuration>
+</ITResource>

M2LPlugin/examples/example_mspl_log_3.xml

@@ -0,0 +1,38 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<ITResource xmlns="http://modeliosoft/xsddesigner/a22bd60b-ee3d-425c-8618-beb6a854051a/ITResource.xsd" ID="MSPL_b1a390f5-21b6-4cb2-b1ba-711e399d4833">
+    <configuration xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="RuleSetConfiguration">
+        <capability>
+            <Name>Logging</Name>
+        </capability>
+        <defaultAction xsi:type="LoggingAction">
+            <loggingActionType>log_connection</loggingActionType>
+        </defaultAction>
+        <configurationRule>
+            <configurationRuleAction xsi:type="LoggingAction">
+                <loggingActionType>log_connection</loggingActionType>
+            </configurationRuleAction>
+            <configurationCondition xsi:type="LoggingCondition">
+                <isCNF>false</isCNF>
+                <eventCondition>
+                    <events>EVENT_CONNECTION</events>
+                    <interval>30</interval>
+                    <threshold>50</threshold>
+                </eventCondition>
+             <!--  <packetCondition>
+                    <DestinationAddress>123.45.67.89,123.45.67.90,123.45.67.91,</DestinationAddress>
+                </packetCondition> -->
+                <applicationCondition>
+                    <URL>www.black-site.com,chat-paradise.com,chat.free.fr,chat.gratis.es,</URL>
+                </applicationCondition>
+            </configurationCondition>
+            <externalData xsi:type="Priority">
+                <value>0</value>
+            </externalData>
+            <Name>Rule0</Name>
+            <isCNF>false</isCNF>
+            <HSPL HSPL_id="HSPL3_Son_ISP" HSPL_text="son enable logging count_connection,  on www.black_site.com,  chat_room,  vtt_address,  "/>
+        </configurationRule>
+        <resolutionStrategy xsi:type="FMR"/>
+        <Name>MSPL_b1a390f5-21b6-4cb2-b1ba-711e399d4833</Name>
+    </configuration>
+</ITResource>

M2LPlugin/examples/example_mspl_mwd_0.base64

@@ -0,0 +1 @@
+PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiIHN0YW5kYWxvbmU9InllcyI/Pgo8SVRSZXNvdXJjZSB4bWxucz0iaHR0cDovL21vZGVsaW9zb2Z0L3hzZGRlc2lnbmVyL2EyMmJkNjBiLWVlM2QtNDI1Yy04NjE4LWJlYjZhODU0MDUxYS9JVFJlc291cmNlLnhzZCIgSUQ9Ik1TUExfMzA5MWQxMzUtZWI2Ny00OGM3LWJmNjItMTIwMTVhNDdmMjVmIj4KICA8Y29uZmlndXJhdGlvbiB4bWxuczp4c2k9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hLWluc3RhbmNlIgogICAgICAgICAgICAgICAgIHhzaTp0eXBlPSJSdWxlU2V0Q29uZmlndXJhdGlvbiI+CiAgICA8Y2FwYWJpbGl0eT4KICAgICAgPE5hbWU+T2ZmbGluZV9tYWx3YXJlX2FuYWx5c2lzPC9OYW1lPgogICAgPC9jYXBhYmlsaXR5PgogICAgPGRlZmF1bHRBY3Rpb24geHNpOnR5cGU9IkFudGktbWFsd2FyZUFjdGlvbiI+CiAgICAgIDxhbnRpLW1hbHdhcmVBY3Rpb25UeXBlPjwvYW50aS1tYWx3YXJlQWN0aW9uVHlwZT4KICAgIDwvZGVmYXVsdEFjdGlvbj4KICAgIDxjb25maWd1cmF0aW9uUnVsZT4KICAgICAgPGNvbmZpZ3VyYXRpb25SdWxlQWN0aW9uIHhzaTp0eXBlPSJBbnRpLW1hbHdhcmVBY3Rpb24iPgogICAgICAgIDxhbnRpLW1hbHdhcmVBY3Rpb25UeXBlPjwvYW50aS1tYWx3YXJlQWN0aW9uVHlwZT4KICAgICAgPC9jb25maWd1cmF0aW9uUnVsZUFjdGlvbj4KICAgICAgPGNvbmZpZ3VyYXRpb25Db25kaXRpb24geHNpOnR5cGU9IkFudGktbWFsd2FyZUNvbmRpdGlvbiI+CiAgICAgICAgPGlzQ05GPmZhbHNlPC9pc0NORj4KICAgICAgICA8YXBwbGljYXRpb25MYXllckNvbmRpdGlvbj4KICAgICAgICAgIDxtaW1lVHlwZT5hcHBsaWNhdGlvbi94LWRvc2V4ZWMsPC9taW1lVHlwZT4KICAgICAgICA8L2FwcGxpY2F0aW9uTGF5ZXJDb25kaXRpb24+CiAgICAgIDwvY29uZmlndXJhdGlvbkNvbmRpdGlvbj4KICAgICAgPGV4dGVybmFsRGF0YSB4c2k6dHlwZT0iUHJpb3JpdHkiPgogICAgICAgIDx2YWx1ZT4wPC92YWx1ZT4KICAgICAgPC9leHRlcm5hbERhdGE+CiAgICAgIDxOYW1lPlJ1bGUwPC9OYW1lPgogICAgICA8aXNDTkY+ZmFsc2U8L2lzQ05GPgogICAgICA8SFNQTCBIU1BMX2lkPSJIU1BMNF9Tb25fSVNQIiBIU1BMX3RleHQ9InNvbiBlbmFibGUgbWFsd2FyZV9kZXRlY3Rpb24gc2Nhbl94ZG9zZXhlYywgICIvPgogICAgPC9jb25maWd1cmF0aW9uUnVsZT4KICAgIDxjb25maWd1cmF0aW9uUnVsZT4KICAgICAgPGNvbmZpZ3VyYXRpb25SdWxlQWN0aW9uIHhzaTp0eXBlPSJBbnRpLW1hbHdhcmVBY3Rpb24iPgogICAgICAgIDxhbnRpLW1hbHdhcmVBY3Rpb25UeXBlPjwvYW50aS1tYWx3YXJlQWN0aW9uVHlwZT4KICAgICAgPC9jb25maWd1cmF0aW9uUnVsZUFjdGlvbj4KICAgICAgPGNvbmZpZ3VyYXRpb25Db25kaXRpb24geHNpOnR5cGU9IkFudGktbWFsd2FyZUNvbmRpdGlvbiI+CiAgICAgICAgPGlzQ05GPmZhbHNlPC9pc0NORj4KICAgICAgICA8YXBwbGljYXRpb25MYXllckNvbmRpdGlvbj4KICAgICAgICAgIDxtaW1lVHlwZT5hcHBsaWNhdGlvbi9wZGYsPC9taW1lVHlwZT4KICAgICAgICA8L2FwcGxpY2F0aW9uTGF5ZXJDb25kaXRpb24+CiAgICAgIDwvY29uZmlndXJhdGlvbkNvbmRpdGlvbj4KICAgICAgPGV4dGVybmFsRGF0YSB4c2k6dHlwZT0iUHJpb3JpdHkiPgogICAgICAgIDx2YWx1ZT4xPC92YWx1ZT4KICAgICAgPC9leHRlcm5hbERhdGE+CiAgICAgIDxOYW1lPlJ1bGUxPC9OYW1lPgogICAgICA8aXNDTkY+ZmFsc2U8L2lzQ05GPgogICAgICA8SFNQTCBIU1BMX2lkPSJIU1BMNV9Tb25fSVNQIiBIU1BMX3RleHQ9InNvbiBlbmFibGUgbWFsd2FyZV9kZXRlY3Rpb24gc2Nhbl9wZGYsICAiLz4KICAgIDwvY29uZmlndXJhdGlvblJ1bGU+CiAgICA8cmVzb2x1dGlvblN0cmF0ZWd5IHhzaTp0eXBlPSJGTVIiLz4KICAgIDxOYW1lPk1TUExfMzA5MWQxMzUtZWI2Ny00OGM3LWJmNjItMTIwMTVhNDdmMjVmPC9OYW1lPgogIDwvY29uZmlndXJhdGlvbj4KPC9JVFJlc291cmNlPgo=

M2LPlugin/examples/example_mspl_mwd_0.base64.tmp

@@ -0,0 +1,48 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<ITResource xmlns="http://modeliosoft/xsddesigner/a22bd60b-ee3d-425c-8618-beb6a854051a/ITResource.xsd" ID="MSPL_3091d135-eb67-48c7-bf62-12015a47f25f">
+  <configuration xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+                 xsi:type="RuleSetConfiguration">
+    <capability>
+      <Name>Offline_malware_analysis</Name>
+    </capability>
+    <defaultAction xsi:type="Anti-malwareAction">
+      <anti-malwareActionType></anti-malwareActionType>
+    </defaultAction>
+    <configurationRule>
+      <configurationRuleAction xsi:type="Anti-malwareAction">
+        <anti-malwareActionType></anti-malwareActionType>
+      </configurationRuleAction>
+      <configurationCondition xsi:type="Anti-malwareCondition">
+        <isCNF>false</isCNF>
+        <applicationLayerCondition>
+          <mimeType>application/x-dosexec,</mimeType>
+        </applicationLayerCondition>
+      </configurationCondition>
+      <externalData xsi:type="Priority">
+        <value>0</value>
+      </externalData>
+      <Name>Rule0</Name>
+      <isCNF>false</isCNF>
+      <HSPL HSPL_id="HSPL4_Son_ISP" HSPL_text="son enable malware_detection scan_xdosexec,  "/>
+    </configurationRule>
+    <configurationRule>
+      <configurationRuleAction xsi:type="Anti-malwareAction">
+        <anti-malwareActionType></anti-malwareActionType>
+      </configurationRuleAction>
+      <configurationCondition xsi:type="Anti-malwareCondition">
+        <isCNF>false</isCNF>
+        <applicationLayerCondition>
+          <mimeType>application/pdf,</mimeType>
+        </applicationLayerCondition>
+      </configurationCondition>
+      <externalData xsi:type="Priority">
+        <value>1</value>
+      </externalData>
+      <Name>Rule1</Name>
+      <isCNF>false</isCNF>
+      <HSPL HSPL_id="HSPL5_Son_ISP" HSPL_text="son enable malware_detection scan_pdf,  "/>
+    </configurationRule>
+    <resolutionStrategy xsi:type="FMR"/>
+    <Name>MSPL_3091d135-eb67-48c7-bf62-12015a47f25f</Name>
+  </configuration>
+</ITResource>

M2LPlugin/examples/example_mspl_mwd_0.xml

@@ -0,0 +1,48 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<ITResource xmlns="http://modeliosoft/xsddesigner/a22bd60b-ee3d-425c-8618-beb6a854051a/ITResource.xsd" ID="MSPL_3091d135-eb67-48c7-bf62-12015a47f25f">
+  <configuration xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+                 xsi:type="RuleSetConfiguration">
+    <capability>
+      <Name>Offline_malware_analysis</Name>
+    </capability>
+    <defaultAction xsi:type="Anti-malwareAction">
+      <anti-malwareActionType></anti-malwareActionType>
+    </defaultAction>
+    <configurationRule>
+      <configurationRuleAction xsi:type="Anti-malwareAction">
+        <anti-malwareActionType></anti-malwareActionType>
+      </configurationRuleAction>
+      <configurationCondition xsi:type="Anti-malwareCondition">
+        <isCNF>false</isCNF>
+        <applicationLayerCondition>
+          <mimeType>application/x-dosexec,</mimeType>
+        </applicationLayerCondition>
+      </configurationCondition>
+      <externalData xsi:type="Priority">
+        <value>0</value>
+      </externalData>
+      <Name>Rule0</Name>
+      <isCNF>false</isCNF>
+      <HSPL HSPL_id="HSPL4_Son_ISP" HSPL_text="son enable malware_detection scan_xdosexec,  "/>
+    </configurationRule>
+    <configurationRule>
+      <configurationRuleAction xsi:type="Anti-malwareAction">
+        <anti-malwareActionType></anti-malwareActionType>
+      </configurationRuleAction>
+      <configurationCondition xsi:type="Anti-malwareCondition">
+        <isCNF>false</isCNF>
+        <applicationLayerCondition>
+          <mimeType>application/pdf,</mimeType>
+        </applicationLayerCondition>
+      </configurationCondition>
+      <externalData xsi:type="Priority">
+        <value>1</value>
+      </externalData>
+      <Name>Rule1</Name>
+      <isCNF>false</isCNF>
+      <HSPL HSPL_id="HSPL5_Son_ISP" HSPL_text="son enable malware_detection scan_pdf,  "/>
+    </configurationRule>
+    <resolutionStrategy xsi:type="FMR"/>
+    <Name>MSPL_3091d135-eb67-48c7-bf62-12015a47f25f</Name>
+  </configuration>
+</ITResource>