[Bro] Question about data format of ssl.log files

Tim Ray tray at 21ct.com
Thu Feb 21 08:52:59 PST 2013

Yeah, that's true. Can we convert their public keys using the openSSL
commands? I gave it a try but got an error early.

On 2/21/13 10:07 AM, "Seth Hall" <seth at icir.org> wrote:

>On Feb 20, 2013, at 9:55 PM, Seth Hall <seth at icir.org> wrote:
>> On Feb 20, 2013, at 5:01 PM, Tim Ray <tray at 21ct.com> wrote:
>>> So, the APT1 report has the certs in text format. Does Bro use that?
>>>Or is
>>> it all in DER?
>And I just realized there is a problem now that I look at the data.
>Mandiant didn't distribute hashes for any of the certificates. :(
>  .Seth
>Seth Hall
>International Computer Science Institute
>(Bro) because everyone has a network

More information about the Bro mailing list