[Bro] SSN detection script
seth at icir.org
Mon Aug 20 14:12:41 PDT 2012
On Aug 16, 2012, at 1:54 PM, Seth Hall <seth at icir.org> wrote:
I just added a small configuration option for this script to enable redaction on the ssn_exposure.log since users were having PII logs created for them by positive detections.
It can be enabled with:
redef SsnExposure::redact_logs = T;
I did another little fix to remove SSNs from notices too (they weren't supposed to be there in the first place!).
International Computer Science Institute
(Bro) because everyone has a network
More information about the Bro