[Bro] Any thoughts on "Microsoft-CryptoAPI/10.0" user-agent?

fatema bannatwala fatema.bannatwala at gmail.com
Tue Feb 21 05:40:50 PST 2017


I am trying to figure out what Windows operating system version have
the user agent "Microsoft-CryptoAPI/10.0" when it accesses Microsoft
Certificate Revocation List (CRL).

I am seeing good amount of these in software.log, where it ends up being
"Unknown CryptoAPI Version" as the windows-version-detection.bro script
doesn't have a mapping for that CryptoAPI.

Therefore was thinking if anyone knows more about this user agent and what
information we can
infer about the OS from it.

Appreciate the help.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20170221/a7c24509/attachment.html 

More information about the Bro mailing list