[Bro] MD5 Hashing
seth at icir.org
Tue Mar 13 11:55:42 PDT 2012
On Mar 13, 2012, at 2:22 PM, Chris Crawford wrote:
> What is the correct way to turn on MD5 hashing in SMTP and HTTP logs?
> Which variables do I need to set in my share/bro/site/local.bro ?
# Windows executables are hashed by default (it's a regex matching the mime type of the file)
redef HTTP::generate_md5 += /image.*/;
redef SMTP::generate_md5 += /image.*/;
Those were pulled from these pages in our docs…
This is being seriously reworked for 2.1 right now too. There is going to be a file analysis policy where you will be able to declare more easily with much better granularity when you'd like to do certain analyses.
International Computer Science Institute
(Bro) because everyone has a network