[Bro] SFTP analysis
johanna at icir.org
Mon Apr 11 13:46:49 PDT 2016
That is for copying Bro log files to another host via sftp, not for
parsing sftp sessions, sorry.
Unless that is what you originally asked for :)
On 11 Apr 2016, at 22:21, john smith wrote:
> Thanks Johanna!
> There is a builtin script
> Can that be used and how? Thanks.
> On Fri, Apr 1, 2016 at 1:52 AM, Johanna Amann <johanna at icir.org>
>> Hello John,
>> On Thu, Mar 31, 2016 at 09:25:42AM -0700, john smith wrote:
>>> Does anyone know if Bro supports SFTP? Thanks in advance.
>> Bro supports and gives information about SSH; since SFTP traffic is
>> encapsulated inside the encrypted SSH session, there is not really
>> more that we can do.
>> I hope this helps,
More information about the Bro