[Bro] File extraction after checking hash.
fatema.bannatwala at gmail.com
Tue Oct 4 07:57:41 PDT 2016
Hmm, got it! :)
On Tue, Oct 4, 2016 at 10:45 AM, Seth Hall <seth at icir.org> wrote:
> > On Oct 4, 2016, at 10:42 AM, fatema bannatwala <fatema.bannatwala at gmail.com> wrote:
> > I think the following could be used to some extent for crude analyses of the
> > file on wire (please correct me if I'm wrong):
> > event: file_extraction_limit
> That event is only if the maximum file size that you set for the file when
> you attached the extraction analyzer is about to be crossed. You would
> still have to start extracting the file for this event to happen.
> Seth Hall
> International Computer Science Institute
> (Bro) because everyone has a network