[Bro] Extract only certain files types

Fernandez, Mark I mfernandez at mitre.org
Fri Feb 16 03:47:57 PST 2018


>> What should the extract-all-files.bro look like in order to
>> only extract pdf, exe, doc and docx?

The fa_metadata record contains the MIME type.  Using the MIME type, you can make a condition on whether or not to extract the file.
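
An added example of the approach described in this reply (not part of the original message): a `file_sniff` handler that attaches the extraction analyzer only when the MIME type in `fa_metadata` is one of the four requested. The module name, table name and the exact MIME strings are assumptions; confirm the strings against the `mime_type` column of your own files.log.

```bro
# Added example: extract only PDF, EXE, DOC and DOCX files, keyed on the
# MIME type carried in fa_metadata.

module ExtractSelected;

export {
	# MIME type -> file extension for the types to keep.
	# Assumption: these strings match what your Bro version's file
	# signatures report for each type.
	const wanted_types: table[string] of string = {
		["application/pdf"] = "pdf",
		["application/x-dosexec"] = "exe",
		["application/msword"] = "doc",
		["application/vnd.openxmlformats-officedocument.wordprocessingml.document"] = "docx"
	} &redef;
}

event file_sniff(f: fa_file, meta: fa_metadata)
	{
	# mime_type is an optional field: it is unset when no signature matched.
	if ( ! meta?$mime_type )
		return;

	# Skip everything that is not on the allow-list.
	if ( meta$mime_type !in wanted_types )
		return;

	# Build the name from the analyzer source and the unique file ID, so
	# it never comes from sender-controlled input such as a URL or a
	# Content-Disposition header.
	local fname = fmt("%s-%s.%s", f$source, f$id, wanted_types[meta$mime_type]);
	Files::add_analyzer(f, Files::ANALYZER_EXTRACT, [$extract_filename=fname]);
	}
```

Because the decision is made on the sniffed content type rather than the file name, a renamed executable is still extracted, while a file whose content matches no signature is skipped.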

