[Bro] Quick smtp-url-extraction question

Lankau, John John_Lankau at sra.com
Thu Aug 14 05:57:52 PDT 2014



I just wanted to add that I think that script that logs SMTP URLs would get a lot of use in our environment as well.  It’s been an elusive data point, but one we really would like to have.  We’ve been having high-level discussions on how to implement something that does this exact process in our office, so I’d be very interested in using this script once it’s ready as well.


From: bro-bounces at bro.org [mailto:bro-bounces at bro.org] On Behalf Of James Lay
Sent: Thursday, August 07, 2014 7:50 PM
To: bro at bro-ids.org
Subject: Re: [Bro] Quick smtp-url-extraction question

On Thu, 2014-08-07 at 13:39 -0400, Seth Hall wrote:

On Aug 7, 2014, at 1:30 PM, James Lay <jlay at slave-tothe-box.net> wrote:

> I would absolutely love a script that would log URLs... we all know that quoted-printable and base64 shenanigans may get missed

Much of that should be handled automatically by the mime analyzer (I'm not sure of the limits of that offhand).

> , but every little bit helps... thanks a bunch Seth.

I'll see if I can get to it soon.



Seth Hall

International Computer Science Institute

(Bro) because everyone has a network


Thanks again Seth.
