[Bro-Dev] #440: Add MD5 summing to existing file analyzer
Bro Tracker
bro at tracker.icir.org
Fri Apr 22 12:10:22 PDT 2011
#440: Add MD5 summing to existing file analyzer
------------------------------+------------------------
Reporter: seth | Owner:
Type: Feature Request | Status: new
Priority: Normal | Milestone: Bro1.6
Component: Bro | Version: git/master
Resolution: | Keywords:
------------------------------+------------------------
Comment (by aashish):
Maybe I am stating the obvious:
I'd say enable checksumming for 'WatchedMIME_Types'.
Also, it would be useful, at policy level, to have an alert triggered if
there is a checksum match (md5) to a known list of bad md5 hashes.
Aashish
On Fri, Apr 22, 2011 at 04:43:13PM -0000, Bro Tracker wrote:
> #440: Add MD5 summing to existing file analyzer
> -----------------------------+------------------------
> Reporter: seth | Owner:
> Type: Feature Request | Status: new
> Priority: Normal | Milestone: Bro1.6
> Component: Bro | Version: git/master
> Keywords: |
> -----------------------------+------------------------
> It should be pretty straightforward, but there is a question about
> how/when to enable the checksumming because we don't want it to always be
> enabled. It would be most helpful if we were able to get an initial chunk
> of data (for mime typing) prior to enabling the checksumming.
>
> I would *like* this to happen for 1.6, but if we don't come up with a good
> way to do it it doesn't matter too much since this feature will also be
> deprecated by the file analysis revisions that I proposed so if there
> isn't an obvious way to do it, let's skip it.
>
> --
> Ticket URL: <http://tracker.icir.org/bro/ticket/440>
> Bro Tracker <http://tracker.icir.org/bro>
> Bro Issue Tracker
>
> _______________________________________________
> bro-dev mailing list
> bro-dev at bro-ids.org
> http://mailman.icsi.berkeley.edu/mailman/listinfo/bro-dev
--
Ticket URL: <http://tracker.icir.org/bro/ticket/440#comment:0>
Bro Tracker <http://tracker.icir.org/bro>
Bro Issue Tracker
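
The design discussed in this thread (hold back an initial chunk for MIME typing, enable MD5 summing only for watched types, alert on a match against a known-bad list), sketched in Python as an added example; it is not Bro code and not from the ticket. The sniff size, magic-byte table, watched types and all names are assumptions made for illustration.

```python
import hashlib

# Assumptions for illustration (not from the thread): sniff size, magic table, watched types.
SNIFF_BYTES = 8
MAGIC = {b"MZ": "application/x-dosexec", b"%PDF": "application/pdf", b"\x89PNG": "image/png"}
WATCHED_MIME_TYPES = {"application/x-dosexec", "application/pdf"}


class DeferredMD5:
    """Buffer the first bytes of a file, sniff its MIME type, then hash only watched types."""

    def __init__(self, known_bad):
        self.known_bad = known_bad
        self.head = b""        # initial chunk held back until the type is known
        self.mime = None
        self.decided = False
        self.md5 = None        # stays None when checksumming is never enabled

    def _decide(self):
        self.decided = True
        for magic, mime in MAGIC.items():
            if self.head.startswith(magic):
                self.mime = mime
        if self.mime in WATCHED_MIME_TYPES:
            # Seed the hash with the buffered head so the digest covers the whole file.
            self.md5 = hashlib.md5(self.head)
        self.head = b""

    def feed(self, chunk):
        if self.decided:
            if self.md5 is not None:
                self.md5.update(chunk)
            return
        self.head += chunk
        if len(self.head) >= SNIFF_BYTES:
            self._decide()

    def finish(self):
        """Return (mime, md5 hex or None, alert flag) at end of file."""
        if not self.decided:   # file ended before the sniff window filled
            self._decide()
        digest = self.md5.hexdigest() if self.md5 else None
        return self.mime, digest, digest in self.known_bad


def analyze(chunks, known_bad):
    analyzer = DeferredMD5(known_bad)
    for chunk in chunks:
        analyzer.feed(chunk)
    return analyzer.finish()
```

Unwatched or unrecognized content never touches the hash, which is the cost concern raised in the ticket; a file shorter than the sniff window is still typed and hashed at end of file.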