[Bro] SSN detection script
Seth Hall
seth at icir.org
Mon Aug 20 14:12:41 PDT 2012
On Aug 16, 2012, at 1:54 PM, Seth Hall <seth at icir.org> wrote:
> https://github.com/sethhall/ssn-exposure
I just added a small configuration option for this script to enable redaction on the ssn_exposure.log since users were having PII logs created for them by positive detections.
It can be enabled with:
redef SsnExposure::redact_logs = T;
I did another little fix to remove SSNs from notices too (they weren't supposed to be there in the first place!).
.Seth
--
Seth Hall
International Computer Science Institute
(Bro) because everyone has a network
http://www.bro-ids.org/
More information about the Bro
mailing list