[Bro] Question about data format of ssl.log files

Seth Hall seth at icir.org
Thu Feb 21 08:07:34 PST 2013

On Feb 20, 2013, at 9:55 PM, Seth Hall <seth at icir.org> wrote:

> On Feb 20, 2013, at 5:01 PM, Tim Ray <tray at 21ct.com> wrote:
>> So, the APT1 report has the certs in text format. Does Bro use that? Or is
>> it all in DER?

And I just realized there is a problem now that I look at the data.  Mandiant didn't distribute hashes for any of the certificates. :(


Seth Hall
International Computer Science Institute
(Bro) because everyone has a network

More information about the Bro mailing list