[Bro] intel or notice on client software signed with a cert

Seth Hall seth at icir.org
Tue Feb 18 06:42:09 PST 2014

On Feb 18, 2014, at 8:32 AM, John Babio <jbabio at po-box.esu.edu> wrote:

> Can you utilize the intel framework for this type of alerting? I want to alert on client software signed with a certificate containing a particular name or serial.

We aren't quite at the point yet where certificates are parsed out of executables.  We are working in that direction though and it *should* be possible in the future do exactly this.


Seth Hall
International Computer Science Institute
(Bro) because everyone has a network

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 495 bytes
Desc: Message signed with OpenPGP using GPGMail
Url : http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20140218/43370d96/attachment.bin 

More information about the Bro mailing list