[Bro] Any thoughts on "Microsoft-CryptoAPI/10.0" user-agent?

Seth Hall seth at icir.org
Tue Feb 21 06:26:27 PST 2017


> On Feb 21, 2017, at 8:40 AM, fatema bannatwala <fatema.bannatwala at gmail.com> wrote:
> 
> I am trying to figure out what Windows operating system version has
> the user agent "Microsoft-CryptoAPI/10.0" when it accesses the Microsoft Certificate Revocation List (CRL).
> 
> I am seeing a good amount of these in software.log, where it ends up being "Unknown CryptoAPI Version" as the windows-version-detection.bro script doesn't have a mapping for that CryptoAPI.

I suspect this is Windows 10.  Can someone out there validate that suspicion so we can add that to the windows version detection script?

  .Set

--
Seth Hall
International Computer Science Institute
(Bro) because everyone has a network
http://www.bro.org/



