[Bro] Quick smtp-url-extraction question
John_Lankau at sra.com
Thu Aug 14 05:57:52 PDT 2014
I just wanted to add that I think that script that logs SMTP URLs would get a lot of use in our environment as well. It’s been an elusive data point, but one we really would like to have. We’ve been having high-level discussions on how to implement something that does this exact process in our office, so I’d be very interested in using this script once it’s ready as well.
From: bro-bounces at bro.org [mailto:bro-bounces at bro.org] On Behalf Of James Lay
Sent: Thursday, August 07, 2014 7:50 PM
To: bro at bro-ids.org
Subject: Re: [Bro] Quick smtp-url-extraction question
On Thu, 2014-08-07 at 13:39 -0400, Seth Hall wrote:
On Aug 7, 2014, at 1:30 PM, James Lay <jlay at slave-tothe-box.net<mailto:jlay at slave-tothe-box.net>> wrote:
> I would absolutely love a script that would log urls....we all know that quoted-printable and bas364 shenanigans may get missed
Much of that should be handled automatically by the mime analyzer (I'm not sure of the limits of that offhand).
> , but every little bit helps..thanks a bunch Seth.
I'll see if I can get to it soon.
International Computer Science Institute
(Bro) because everyone has a network
Thanks again Seth.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Bro