[Bro-Dev] ASCII response filetype
Keith Lehigh
klehigh at iu.edu
Mon Sep 18 13:43:00 PDT 2017
Hi Folks,
I’ve been mulling over an addition to the file mime type
signature that consists of “1 to 16 ASCII readable characters”. 16
is an arbitrary length cutoff. The purpose of this signature would be
to log instances where a short status code is returned by a web service.
I see lots of responses like “[]” or “OK” or “Success” and
currently these are logged in files.log as unknown file types. I think
Bro would be improved by logging a filetype for these responses.
Using the entire set of readable ASCII characters would make this
flexible enough to handle various responses w/o trying to enumerate all
possibilities. A downside would be differentiating a short text file.
I don’t have much of a solution for that problem at this point, but
I’d be open to suggestions. I’m sure there are other downsides
I’m not seeing. Thoughts?
- Keith
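
A sketch of the proposed check, added here as an example; it is not part of the original post and not Bro's own code. The label `text/x-short-ascii`, the reading of "readable" as printable ASCII 0x20-0x7e, matching the whole body rather than a prefix, and letting an existing type take precedence are all assumptions.

```python
import re

# Hypothetical label: the post does not name a MIME type for this signature.
SHORT_ASCII_MIME = "text/x-short-ascii"
MAX_LEN = 16  # the post's arbitrary cutoff

# Assumption: "readable" means printable ASCII, space (0x20) through tilde
# (0x7e), so CR, LF and TAB do not count.
_SHORT_ASCII = re.compile(rb"[\x20-\x7e]{1,%d}" % MAX_LEN)


def classify(body, mime_type=None):
    """Return the MIME label a files.log-style record would carry."""
    if mime_type is not None:
        # Assumption: a type found by an existing signature wins.
        return mime_type
    if _SHORT_ASCII.fullmatch(body):
        # The whole body must fit, not just its first bytes; otherwise any
        # long text file would match on its opening characters.
        return SHORT_ASCII_MIME
    return None  # still an unknown file type


def relabel(records):
    """Map (name, body, mime_type) records to (name, label) pairs."""
    return [(name, classify(body, mime)) for name, body, mime in records]


# Constructed sample bodies, not taken from real traffic.
SAMPLES = [
    ("empty-array", b"[]", None),
    ("ok", b"OK", None),
    ("success", b"Success", None),
    ("at-cutoff", b"A" * 16, None),
    ("over-cutoff", b"A" * 17, None),
    ("empty", b"", None),
    ("trailing-newline", b"OK\n", None),
    ("binary", b"\x00\x01OK", None),
    ("utf8", "\u00e9".encode("utf-8"), None),
    ("already-typed", b"GIF89a", "image/gif"),
    # The downside raised in the post: a short text file looks the same.
    ("short-text-file", b"hello world", None),
]

if __name__ == "__main__":
    for name, label in relabel(SAMPLES):
        print(f"{name:18} {label}")
```

The `short-text-file` sample receives the same label as the status strings, which is the ambiguity the post describes.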