[Bro] Any thoughts on "Microsoft-CryptoAPI/10.0" user-agent?
klehigh at iu.edu
Tue Feb 21 06:40:40 PST 2017
Confirmed with a virtual machine I have running Windows 10.
> On Feb 21, 2017, at 09:26, Seth Hall <seth at icir.org> wrote:
>> On Feb 21, 2017, at 8:40 AM, fatema bannatwala <fatema.bannatwala at gmail.com> wrote:
>> I am trying to figure out what Windows operating system version has
>> the user agent "Microsoft-CryptoAPI/10.0" when it accesses the Microsoft Certificate Revocation List (CRL).
>> I am seeing a good amount of these in software.log, where it ends up being "Unknown CryptoAPI Version" as the windows-version-detection.bro script doesn't have a mapping for that CryptoAPI.
> I suspect this is Windows 10. Can someone out there validate that suspicion so we can add that to the windows version detection script?
> Seth Hall
> International Computer Science Institute
> (Bro) because everyone has a network