[Bro] file hashing, and virustotal api

Seth Hall seth at icir.org
Tue Apr 28 13:17:28 PDT 2015


> On Apr 28, 2015, at 1:50 PM, Brian Chilton <chilton.brian at yahoo.com> wrote:
> 
> Thanks for all the help on my previous question, but now I have another.  I would like to take the hashed values of files that bro sees and check them against virustotal using their API Key.

Here’s a script I presented at the recent Bro4Pros event.  virus-total.bro has the core code and vt-hashing.bro integrates with the file analysis.

  .Seth


-------------- next part --------------
A non-text attachment was scrubbed...
Name: virus-total.bro
Type: application/octet-stream
Size: 2809 bytes
Desc: not available
Url : http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20150428/e19f7b02/attachment.obj 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: vt-hashing.bro
Type: application/octet-stream
Size: 1121 bytes
Desc: not available
Url : http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20150428/e19f7b02/attachment-0001.obj 
-------------- next part --------------

--
Seth Hall
International Computer Science Institute
(Bro) because everyone has a network
http://www.bro.org/



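The two attached scripts are not reproduced in the archive. As an added example (not Seth's scripts and not part of the original thread), the Python below shows the same workflow outside of Bro: read the hashes Bro records in files.log, keep the strongest hash per file and deduplicate, then ask VirusTotal for its existing report on that hash only, so no file content ever leaves the network. The endpoint URL, the `apikey`/`resource` query parameters, the `response_code`/`positives`/`total` JSON fields, the empty HTTP 204 reply on quota exhaustion and the 15 second pacing (four requests per minute) are all assumptions about VirusTotal's v2 API rather than facts from the thread; the files.log sample and its hashes are constructed.

```python
"""Check hashes from Bro's files.log against VirusTotal by hash lookup only.

Added example; not the scripts attached to the original message. The
VirusTotal endpoint, parameters, JSON fields and 204 quota reply below
are assumptions about the v2 API, not something the thread states.
"""
import json
import time
import urllib.parse
import urllib.request

VT_REPORT_URL = "https://www.virustotal.com/vtapi/v2/file/report"  # assumed endpoint

# Constructed subset of Bro's files.log: TSV with "#separator"/"#fields"
# headers and "-" for unset fields. The hashes are made up, not real samples.
SAMPLE_FILES_LOG = "\n".join([
    "#separator \\x09",
    "#fields\tts\tfuid\tsource\tmime_type\tmd5\tsha1\tsha256",
    "#types\ttime\tstring\tstring\tstring\tstring\tstring\tstring",
    "\t".join(["1430250000.1", "FAAA1", "HTTP", "application/x-dosexec",
               "11" * 16, "22" * 20, "aa" * 32]),
    "\t".join(["1430250001.2", "FBBB2", "SMTP", "application/zip", "bb" * 16, "-", "-"]),
    "\t".join(["1430250002.3", "FCCC3", "HTTP", "text/html", "-", "-", "-"]),
    "\t".join(["1430250003.4", "FDDD4", "HTTP", "application/x-dosexec",
               "33" * 16, "-", "aa" * 32]),  # same sha256 as FAAA1
])


def parse_files_log(text):
    """Parse Bro's TSV log format into dicts; unset ("-") fields become None."""
    sep, fields, records = "\t", None, []
    for line in text.splitlines():
        if line.startswith("#separator "):
            # Bro writes the separator escaped, e.g. "#separator \x09".
            sep = line.split(" ", 1)[1].encode().decode("unicode_escape")
        elif line.startswith("#fields"):
            fields = line.split(sep)[1:]
        elif not line or line.startswith("#"):
            continue  # #types, #open, #close, ...
        elif fields is None:
            raise ValueError("data row before #fields header")
        else:
            rec = dict(zip(fields, line.split(sep)))
            records.append({k: (None if v == "-" else v) for k, v in rec.items()})
    return records


def select_hashes(records):
    """Strongest available hash per file, deduplicated so each is queried once."""
    seen, out = set(), []
    for rec in records:
        h = rec.get("sha256") or rec.get("sha1") or rec.get("md5")
        if h and h not in seen:
            seen.add(h)
            out.append(h)
    return out


def build_report_request(api_key, resource):
    """GET URL for a report lookup; only the hash is sent, never the file."""
    return VT_REPORT_URL + "?" + urllib.parse.urlencode(
        {"apikey": api_key, "resource": resource})


def parse_report(body):
    """Map a file/report JSON body to a small verdict record."""
    data = json.loads(body)
    code = data.get("response_code")
    if code == 1:    # hash known to VirusTotal
        return {"status": "known", "positives": int(data.get("positives", 0)),
                "total": int(data.get("total", 0))}
    if code == 0:    # never seen
        return {"status": "unknown", "positives": 0, "total": 0}
    if code == -2:   # submitted earlier, analysis still queued
        return {"status": "queued", "positives": 0, "total": 0}
    raise ValueError("unexpected response_code %r" % (code,))


def _http_fetch(url, timeout=10):
    with urllib.request.urlopen(url, timeout=timeout) as resp:
        return resp.status, resp.read().decode("utf-8")


def lookup_all(api_key, hashes, fetch=_http_fetch, min_interval=15.0, sleep=time.sleep):
    """Query each hash, pacing requests (15 s default assumes a 4/min public quota)."""
    results = {}
    for i, h in enumerate(hashes):
        if i:
            sleep(min_interval)
        status, body = fetch(build_report_request(api_key, h))
        if status == 204:  # quota exceeded: record it rather than guessing a verdict
            results[h] = {"status": "rate_limited", "positives": 0, "total": 0}
        else:
            results[h] = parse_report(body)
    return results


def flagged(results, min_positives=1):
    """Hashes with at least min_positives engine detections, in query order."""
    return [h for h, r in results.items()
            if r["status"] == "known" and r["positives"] >= min_positives]
```

Running `lookup_all("YOUR_API_KEY", select_hashes(parse_files_log(open("files.log").read())))` performs the live lookups; `fetch` and `sleep` are injectable so the parsing and pacing logic can be exercised without network access. Because only a report for an already-submitted hash is requested, a file that is internal to your organization simply comes back as "unknown" and is never uploaded.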