[Bro] Any thoughts on "Microsoft-CryptoAPI/10.0" user-agent?

Seth Hall seth at icir.org
Tue Feb 21 06:26:27 PST 2017

> On Feb 21, 2017, at 8:40 AM, fatema bannatwala <fatema.bannatwala at gmail.com> wrote:
> I am trying to figure out what Windows operating system version have
> the user agent "Microsoft-CryptoAPI/10.0" when it accesses Microsoft Certificate Revocation List (CRL).
> I am seeing good amount of these in software.log, where it ends up being "Unknown CryptoAPI Version" as the windows-version-detection.bro script doesn't have a mapping for that CryptoAPI.

I suspect this is Windows 10.  Can someone out there validate that suspicion so we can add that to the windows version detection script?


Seth Hall
International Computer Science Institute
(Bro) because everyone has a network

More information about the Bro mailing list