[Bro-Dev] file analysis extraction analyzer

Seth Hall seth at icir.org
Tue Jun 25 07:40:47 PDT 2013


This is mostly intended for Jon, but I thought it'd be nice for everyone to see it.  

Jon, what do you think about adding extraction events for when an extraction begins and ends?  They could be events like this…

event file_extract_begin(f: fa_file, tag: Analyzer, args: AnalyzerArgs)
event file_extract_end(f: fa_file, tag: Analyzer, args: AnalyzerArgs)

I know that the events don't match how the core works (by splitting $tag out of args), but that's more along the lines of how I'm making the script-land API look, so I think it makes sense to split the event arguments out that way.  This makes it much easier to write some of the scripts and should generally provide good feedback from the file extraction "analyzer". :)

  .Seth

--
Seth Hall
International Computer Science Institute
(Bro) because everyone has a network
http://www.bro.org/
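As an added illustration (not part of Seth's message or of the Bro project's own code), here is the kind of script the proposed split arguments make easy to write: a small audit log that records when each extraction starts and finishes and where the extracted file landed. It assumes the two events exist exactly as sketched above; the type names Analyzer and AnalyzerArgs, and the optional extract_filename field on the args record, are taken from the proposal rather than from any shipped API. Such a log is what a responder later wants when reconstructing which files were written to disk from which connection.

```bro
# Added example; assumes the proposed file_extract_begin/end events exist
# with the signatures from the post. Analyzer, AnalyzerArgs and the
# args$extract_filename field are assumptions taken from the proposal.
module ExtractAudit;

export {
	redef enum Log::ID += { LOG };

	type Info: record {
		ts:               time   &log;   # when the event fired
		fuid:             string &log;   # file id from fa_file
		source:           string &log;   # e.g. the protocol the file came over
		action:           string &log;   # "begin" or "end"
		extract_filename: string &log &optional;  # on-disk target, if set
	};
}

event bro_init()
	{
	Log::create_stream(LOG, [$columns=Info]);
	}

# Shared writer so begin and end handlers produce identical records.
function write_rec(f: fa_file, args: AnalyzerArgs, action: string)
	{
	local rec: Info = [$ts=network_time(), $fuid=f$id,
	                   $source=f$source, $action=action];
	if ( args?$extract_filename )
		rec$extract_filename = args$extract_filename;
	Log::write(LOG, rec);
	}

event file_extract_begin(f: fa_file, tag: Analyzer, args: AnalyzerArgs)
	{
	write_rec(f, args, "begin");
	}

event file_extract_end(f: fa_file, tag: Analyzer, args: AnalyzerArgs)
	{
	write_rec(f, args, "end");
	}
```

Because the tag and the args arrive as separate parameters, the handlers never have to dig the analyzer type back out of the args record; a begin record without a matching end record in this log is also a simple signal that an extraction was cut short.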


