[Bro] Any thoughts on "Microsoft-CryptoAPI/10.0" user-agent?
fatema.bannatwala at gmail.com
Tue Feb 21 07:01:55 PST 2017
Thanks Seth, Mike and Keith for the confirmation, will update the script to
log it as win10 system! :)
On Tue, Feb 21, 2017 at 9:41 AM, Mike Patterson <mike.patterson at uwaterloo.ca> wrote:
> On Feb 21, 2017, at 09:26, Seth Hall <seth at icir.org> wrote:
> >> On Feb 21, 2017, at 8:40 AM, fatema bannatwala <fatema.bannatwala at gmail.com> wrote:
> >> I am trying to figure out what Windows operating system version has the user agent "Microsoft-CryptoAPI/10.0" when it accesses Microsoft Certificate Revocation List (CRL).
> >> I am seeing a good amount of these in software.log, where it ends up being "Unknown CryptoAPI Version" as the windows-version-detection.bro script doesn't have a mapping for that CryptoAPI.
> > I suspect this is Windows 10. Can someone out there validate that suspicion so we can add that to the windows version detection script?
> I have Win10 down for CryptoAPI 6.4, along with Server 2016, but my notes
> there are pretty old (like, Win10 GA timeframe).
> I'm now seeing CryptoAPI 10.0 as well, confirmed on several hosts as being
> Win10. Maybe there's a difference between editions? I can't easily find out
> what versions ours are.
> > .Set
> +h? ;)