[Bro] Any thoughts on "Microsoft-CryptoAPI/10.0" user-agent?
seth at icir.org
Tue Feb 21 06:26:27 PST 2017
> On Feb 21, 2017, at 8:40 AM, fatema bannatwala <fatema.bannatwala at gmail.com> wrote:
> I am trying to figure out what Windows operating system version has
> the user agent "Microsoft-CryptoAPI/10.0" when it accesses the Microsoft Certificate Revocation List (CRL).
> I am seeing a good amount of these in software.log, where it ends up being "Unknown CryptoAPI Version" as the windows-version-detection.bro script doesn't have a mapping for that CryptoAPI.
I suspect this is Windows 10. Can someone out there validate that suspicion so we can add that to the windows version detection script?
International Computer Science Institute
(Bro) because everyone has a network