[Bro] Any thoughts on "Microsoft-CryptoAPI/10.0" user-agent?
fatema.bannatwala at gmail.com
Tue Feb 21 05:40:50 PST 2017
I am trying to figure out what Windows operating system version have
the user agent "Microsoft-CryptoAPI/10.0" when it accesses Microsoft
Certificate Revocation List (CRL).
I am seeing good amount of these in software.log, where it ends up being
"Unknown CryptoAPI Version" as the windows-version-detection.bro script
doesn't have a mapping for that CryptoAPI.
Therefore was thinking if anyone knows more about this user agent and what
information we can
infer about the OS from it.
Appreciate the help.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Bro