[Bro-Dev] [JIRA] (BIT-1335) Extract all files policy script

Aashish Sharma (JIRA) jira at bro-tracker.atlassian.net
Fri Mar 13 11:34:00 PDT 2015

    [ https://bro-tracker.atlassian.net/browse/BIT-1335?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=19942#comment-19942 ] 

Aashish Sharma commented on BIT-1335:

I prefer keeping protocol + fid  - Easy to sort extracted files in different buckets quickly when going through a big pcap.  Generally there isn't big need to tie back a file with session since the extractions are "going forward" in workflow. However FID is sufficient to tie backwards with other logs. 

I am sure you have a better use case for uid+timestamp. I cannot quite think of one. 

(I take timestamp is for case where multiple files are part of same uid ?) 

> Extract all files policy script
> -------------------------------
>                 Key: BIT-1335
>                 URL: https://bro-tracker.atlassian.net/browse/BIT-1335
>             Project: Bro Issue Tracker
>          Issue Type: New Feature
>          Components: Bro
>    Affects Versions: 2.4
>            Reporter: grigorescu
>            Assignee: Jon Siwek
>            Priority: Trivial
>             Fix For: 2.4
> We've mentioned a few times that it'd be nice to have an "extract all files" policy script that ships with Bro. Can we get this into 2.4?

This message was sent by Atlassian JIRA

More information about the bro-dev mailing list