[Bro-Dev] [JIRA] (BIT-1335) Extract all files policy script
Aashish Sharma (JIRA)
jira at bro-tracker.atlassian.net
Fri Mar 13 11:34:00 PDT 2015
[ https://bro-tracker.atlassian.net/browse/BIT-1335?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=19942#comment-19942 ]
Aashish Sharma commented on BIT-1335:
-------------------------------------
I prefer keeping protocol + fid - Easy to sort extracted files in different buckets quickly when going through a big pcap. Generally there isn't big need to tie back a file with session since the extractions are "going forward" in workflow. However FID is sufficient to tie backwards with other logs.
I am sure you have a better use case for uid+timestamp. I cannot quite think of one.
(I take timestamp is for case where multiple files are part of same uid ?)
> Extract all files policy script
> -------------------------------
>
> Key: BIT-1335
> URL: https://bro-tracker.atlassian.net/browse/BIT-1335
> Project: Bro Issue Tracker
> Issue Type: New Feature
> Components: Bro
> Affects Versions: 2.4
> Reporter: grigorescu
> Assignee: Jon Siwek
> Priority: Trivial
> Fix For: 2.4
>
>
> We've mentioned a few times that it'd be nice to have an "extract all files" policy script that ships with Bro. Can we get this into 2.4?
--
This message was sent by Atlassian JIRA
(v6.4-OD-15-055#64014)
More information about the bro-dev
mailing list