[Bro] Comparing file details and connection details at the same time
John B. Althouse III
sudo.darkstar at gmail.com
Thu Jan 12 15:34:15 PST 2017
I want to my script to look at the conn details of a ssl session, orig_h,
resp_h, ect. and also look at specific file details for that session,
How do I correlate the two in a Bro script since Bro handles connections
and files separately?
My thought process was to use 'event ssl_established' since it would have
most of what I want but it doesn't have x509 file details like the
certificate.sig_alg and I wasn't able to find the event that would contain
Anyone know how I can do this?
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Bro