[Bro] MD5 Hashing
Seth Hall
seth at icir.org
Tue Mar 13 12:30:30 PDT 2012
On Mar 13, 2012, at 3:24 PM, Chris Crawford wrote:
> So, hypothetically, if I wanted SMTP to MD5 hash all mime types that
> are image.* or application.*, I would add the lines below to my
> local.bro?
>
> redef SMTP::generate_md5 += /image.*/;
> redef SMTP::generate_md5 += /application.*/;

Yep, just keeping in mind that the PDF mime type falls within application/ too (and a number of others).

> I'm assuming that the += operator appends new regular expressions. Is
> that correct?

Correct.

.Seth
--
Seth Hall
International Computer Science Institute
(Bro) because everyone has a network
http://www.bro-ids.org/