[Bro] complete analysis system for detecting malware

John Zhang kingzyycn at gmail.com
Tue Jan 14 10:03:32 PST 2014


Hi Richard,

Similar, but I hope to use open source tools. Any comment?

BTW, I love your APT1 report.

Thanks!

John


2014/1/15 Richard Bejtlich <taosecurity at gmail.com>

> FireEye?
>
> Sorry, I couldn't resist...
>
> Richard
>
> On Tue, Jan 14, 2014 at 12:46 PM, John Zhang <kingzyycn at gmail.com> wrote:
> > Hi all,
> >
> > Actually I am planning a complete analysis system (long term) for
> > detecting and tracing malware and other threats. It can do:
> > 1, live capture full-content network (up to several GBs)
> > 2, and extract files and contents from traffic, especially those contents
> > in http, ftp, email traffic
> > 3, and send these contents to local sandbox, or to remote sandbox
> > service, for checking them; or check them against external threat intelligence.
> >
> > Could you help recommend some tools for the above jobs?
> >
> > I do need the experience, suggestion and comment from you all.
> >
> > Thank you !
> >
> > Regards,
> > John
> >
> >
> > _______________________________________________
> > Bro mailing list
> > bro at bro-ids.org
> > http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro
>
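The three steps John lists above map onto a small pipeline: Bro captures the traffic, its file analysis framework writes extracted files to disk and records them in files.log, and a separate process decides what to do with each file. The script below is an added example, not code from this thread or from the Bro project. It assumes Bro is running with the extract and MD5 file analyzers attached (so files.log carries `extracted` and `md5` columns), parses a constructed files.log fragment that uses a subset of the real columns, checks each hash against a constructed local intel set (here just the EICAR test file's MD5), and builds a queue of files worth sending to a sandbox. The sandbox and threat-intel API calls themselves are site-specific and are left to the caller.

```python
"""Triage records from Bro's files.log into intel hits and a sandbox queue.

Added example for the mailing-list thread, not code from the Bro project or
from any poster. Assumes Bro's extract and MD5 file analyzers are attached,
so files.log has 'extracted' (path on disk) and 'md5' columns.
"""
import hashlib
import os

UNSET = "-"  # Bro's #unset_field marker; becomes None after parsing

# File sources Bro reports for the protocols the thread cares about.
SOURCES_OF_INTEREST = {"HTTP", "FTP_DATA", "SMTP"}

# Mime types worth detonating; a real list is longer and site-specific.
SANDBOX_MIME_TYPES = {
    "application/x-dosexec",
    "application/x-executable",
    "application/pdf",
    "application/zip",
    "application/java-archive",
    "application/msword",
}

# Constructed local threat-intel set: the MD5 of the EICAR test file.
KNOWN_BAD_MD5 = {"44d88612fea8a8f36de82e1278abb02f"}

_FIELDS = ["ts", "fuid", "tx_hosts", "rx_hosts", "conn_uids", "source",
           "mime_type", "filename", "seen_bytes", "md5", "extracted"]
_TYPES = ["time", "string", "table[addr]", "table[addr]", "table[string]",
          "string", "string", "string", "count", "string", "string"]

# Constructed sample files.log rows (subset of the real columns, same encoding).
_ROWS = [
    ["1389718800.123", "FaBcD1k3Zq", "93.184.216.34", "10.0.0.5", "CxY1z2",
     "HTTP", "application/x-dosexec", "update.exe", "68",
     "44d88612fea8a8f36de82e1278abb02f", "extract_files/HTTP-FaBcD1k3Zq.exe"],
    ["1389718801.456", "FbQwErTy99", "10.0.0.7", "10.0.0.5", "CmN3o4",
     "SMTP", "application/pdf", "invoice.pdf", "120034",
     "0123456789abcdef0123456789abcdef", "extract_files/SMTP-FbQwErTy99.pdf"],
    ["1389718802.789", "FcXyZ77abc", "93.184.216.34", "10.0.0.5", "CxY1z2",
     "HTTP", "text/html", "-", "5120",
     "fedcba9876543210fedcba9876543210", "-"],
    ["1389718803.001", "FdLmNo55pq", "198.51.100.9", "10.0.0.5", "CpQ5r6",
     "FTP_DATA", "application/zip", "tools.zip", "204800",
     "-", "extract_files/FTP_DATA-FdLmNo55pq.zip"],
]
SAMPLE_FILES_LOG = "\n".join(
    ["#separator \\x09", "#set_separator\t,", "#empty_field\t(empty)",
     "#unset_field\t-", "#path\tfiles", "#open\t2014-01-14-10-00-00",
     "#fields\t" + "\t".join(_FIELDS), "#types\t" + "\t".join(_TYPES)]
    + ["\t".join(r) for r in _ROWS]
    + ["#close\t2014-01-14-10-05-00"])


def parse_files_log(text):
    """Parse Bro's tab-separated ASCII log; unset ('-') fields become None."""
    fields, records = None, []
    for line in text.splitlines():
        if not line:
            continue
        if line.startswith("#"):
            if line.startswith("#fields\t"):
                fields = line.split("\t")[1:]
            continue  # other directives and #close carry no data
        if fields is None:
            raise ValueError("data row before #fields header")
        values = line.split("\t")
        if len(values) != len(fields):
            raise ValueError("column count mismatch: %r" % line)
        records.append({k: (None if v == UNSET else v)
                        for k, v in zip(fields, values)})
    return records


def md5_hex(data):
    return hashlib.md5(data).hexdigest()


def verify_extracted(path, expected_md5):
    """Hand a file to the sandbox only if the bytes on disk match the hash Bro
    logged; a missing or partially written extract would otherwise be
    detonated as if it were the original. With no logged hash, only check
    that the file exists."""
    if expected_md5 is None:
        return os.path.isfile(path)
    try:
        with open(path, "rb") as fh:
            return md5_hex(fh.read()) == expected_md5.lower()
    except OSError:
        return False


def triage(records, intel_md5s, sandbox_mimes=SANDBOX_MIME_TYPES):
    """Sort records: intel hit first, then sandbox candidate, else ignored."""
    out = {"intel_hits": [], "sandbox_queue": [], "ignored": []}
    for r in records:
        if r["source"] not in SOURCES_OF_INTEREST:
            out["ignored"].append(r["fuid"])
        elif r["md5"] and r["md5"].lower() in intel_md5s:
            out["intel_hits"].append(r["fuid"])
        elif r["extracted"] and r["mime_type"] in sandbox_mimes:
            out["sandbox_queue"].append(
                {"fuid": r["fuid"], "path": r["extracted"], "md5": r["md5"]})
        else:
            out["ignored"].append(r["fuid"])
    return out


if __name__ == "__main__":
    result = triage(parse_files_log(SAMPLE_FILES_LOG), KNOWN_BAD_MD5)
    for bucket, items in result.items():
        print(bucket, items)
```

Run it against a live log with `tail -F files.log` piped in, or point it at rotated logs. The intel check runs before the sandbox check on purpose: a known-bad hash is an alert immediately and does not need a detonation slot, while the `verify_extracted` step before submission catches the case where Bro logged a hash but the file on disk is truncated or already gone.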