[Bro] Question on file hashes and cymru db
dave at dechellis.com
Thu Aug 14 18:26:22 PDT 2014
I'm helping to customize an existing deployment of Bro and while I think I'm
collecting all the file info correctly, I'm not hitting any matches when I run
the hashes against Cymru's database. I was wondering if someone could confirm
that none of these hashes match either. I've run them against the DNS, Whois
and web queries and had no luck. I work at a very open place and I find it
almost impossible that not one of the 1.7M hashes match. In the event there
are no matches, could someone point me to some sample pcap files so I can test

If someone wanted to help cross-correlate my findings, I could send offline a
.gz of 1.7M hashes from a few hours of collection.

Thanks again for any help or assistance.