[Bro] Question on file hashes and cyrmu db
Dave DeChellis
dave at dechellis.com
Fri Aug 15 04:47:39 PDT 2014
Thank you Doug,
The bad hash shows up in my files.log but nowhere else - time to troubleshoot the MHR bro script.
Thanks!
Dave
On Aug 15, 2014 6:07 AM, Doug Burks <doug.burks at gmail.com> wrote:
>
> On Thu, Aug 14, 2014 at 9:26 PM, Dave DeChellis <dave at dechellis.com> wrote:
> > In the
> > event there are no matches, could someone point me to some sample pcap files
> > so I can test my scripts?
>
> Hi Dave,
>
> The following pcap generates a TeamCymruMalwareHashRegistry::Match for me:
> https://github.com/markofu/workshop/blob/master/samples/pcaps/netforensics_evidence05.pcap
>
>
> --
> Doug Burks
> Need Security Onion Training or Commercial Support?
> http://securityonionsolutions.com
More information about the Bro
mailing list