[Bro] Filenames not extracted in files.log
bruisebrotherprobert at gmail.com
Wed Apr 30 06:47:43 PDT 2014
Thanks for the thoughtful replies, Chuck and Seth.

I will add this field to my files log and name it "inferred_filename". For
everyone else on the list, I will forward this along when I'm finished.

Seth - I don't agree with your assumption that I don't want to see the
filename from the URL; I think that this is pretty relevant data,
especially when viewed from a security context. I do, however, agree that one
should definitely not "trust" the URL. This is the beauty of Bro - I can
add and remove this data at my discretion :-).

On Tue, Apr 29, 2014 at 8:16 PM, Seth Hall <seth at icir.org> wrote:
> On Apr 29, 2014, at 10:42 PM, Charles A. Fair <charles.fair at mac.com> wrote:
> > The file analysis framework does not annotate the original file names as
> > I understand it.
> The file analysis framework itself doesn't do it. Some of the protocol
> scripts poke forward into files transferred and annotate the files log with
> a file name if a suitable one was found.
> Seth Hall
> International Computer Science Institute
> (Bro) because everyone has a network