[Bro] intel or notice on client software signed with a cert
seth at icir.org
Tue Feb 18 06:42:09 PST 2014
On Feb 18, 2014, at 8:32 AM, John Babio <jbabio at po-box.esu.edu> wrote:
> Can you utilize the intel framework for this type of alerting? I want to alert on client software signed with a certificate containing a particular name or serial.
We aren't quite at the point yet where certificates are parsed out of executables. We are working in that direction though and it *should* be possible in the future to do exactly this.
International Computer Science Institute
(Bro) because everyone has a network