[Bro] SMTP attachments and files from other ports/protocols
Sanner, Daniel A
daniel.sanner at pnnl.gov
Thu Jul 9 12:42:03 PDT 2015
Is there a script that exists or that can be modified to be able to capture/download attachments that are detected?
Specifically, looking for SMTP attachments in e-mails. However, files in the Files.log could be helpful too.
Right now, the best I can figure is that the SMTP log is just a copy of e-mail headers and nothing more.
The files.log only has MD5 and/or SHA1 hashes, but no details about file name, type, or even the file itself.
We had heard that there are tools out there like Bro (if not Bro itself) that can do this.
If Bro has this capability, storage media requirements is not an issue.
Any additional information that I can glean and add to the logs could be helpful.
Thanks in advance,
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Bro