[Bro-Dev] #440: Add MD5 summing to existing file analyzer

Bro Tracker bro at tracker.icir.org
Fri Apr 22 12:10:22 PDT 2011 

#440: Add MD5 summing to existing file analyzer
------------------------------+------------------------
  Reporter:  seth             |      Owner:
      Type:  Feature Request  |     Status:  new
  Priority:  Normal           |  Milestone:  Bro1.6
 Component:  Bro              |    Version:  git/master
Resolution:                   |   Keywords:
------------------------------+------------------------

Comment (by aashish):

 None
 Filename None could not be saved, problem: (13, 'Permission denied')\May
 be I am stating the obvious:

 I'd say enable checksumming for 'WatchedMIME_Types'.

 Also, it would be useful, at policy level, to have alert trigged if
 there is a checksum match (md5) to a known list of bad md5 hashes.

 Aashish


 On Fri, Apr 22, 2011 at 04:43:13PM -0000, Bro Tracker wrote:
 > #440: Add MD5 summing to existing file analyzer
 > -----------------------------+------------------------
 >  Reporter:  seth             |      Owner:
 >      Type:  Feature Request  |     Status:  new
 >  Priority:  Normal           |  Milestone:  Bro1.6
 > Component:  Bro              |    Version:  git/master
 >  Keywords:                   |
 > -----------------------------+------------------------
 >  It should be pretty straight forward, but there is a question about
 >  how/when to enable the checksumming because we don't want it to always
 be
 >  enabled.  It would be most helpful if we were able to get an initial
 chunk
 >  of data (for mime typing) prior to enabling the checksumming.
 >
 >  I would *like* this to happen for 1.6, but if we don't come up with a
 good
 >  way to do it it doesn't matter too much since this feature will also be
 >  deprecated by the file analysis revisions that I proposed so if there
 >  isn't an obvious way to do it, let's skip it.
 >
 > --
 > Ticket URL: <http://tracker.icir.org/bro/ticket/440>
 > Bro Tracker <http://tracker.icir.org/bro>
 > Bro Issue Tracker
 >
 > _______________________________________________
 > bro-dev mailing list
 > bro-dev at bro-ids.org
 > http://mailman.icsi.berkeley.edu/mailman/listinfo/bro-dev

 [attachment:"None"]

-- 
Ticket URL: <http://tracker.icir.org/bro/ticket/440#comment:0>
Bro Tracker <http://tracker.icir.org/bro>
Bro Issue Tracker

More information about the bro-dev mailing list