[Bro] software.log

John Babio jbabio at po-box.esu.edu
Tue Dec 10 16:23:24 PST 2013


I can't seem to get the actual player to trigger. Is it supposed to show up in software.log as Flash not Adobe Flash Player? Security onion has a vulnerable config including flash but I have never seen it show up in software.log.
________________________________________
From: Justin Azoff [JAzoff at albany.edu]
Sent: Tuesday, December 10, 2013 7:16 PM
To: John Babio
Cc: bro at bro.org
Subject: Re: [Bro] software.log

On Wed, Dec 11, 2013 at 12:02:40AM +0000, John Babio wrote:
> 1386717221.171855       x.x.x.x     -       HTTP::BROWSER   Adobe Flash Player      -       -       -       -       -       Adobe Flash Player
>
> Bro isn't displaying and version info. Is there a reason?

For those connections the client sent just "Adobe Flash Player" as the
user-agent.  It appears the flash updater does this when downloading the
newest version.

--
-- Justin Azoff
-- Network Security & Performance Analyst




More information about the Bro mailing list