[Bro] File Extraction Related Scripting Questions

Seth Hall seth at icir.org
Fri Sep 19 11:50:40 PDT 2014


On Sep 19, 2014, at 1:41 PM, Jason Batchelor <jxbatchelor at gmail.com> wrote:

> I would be :).

Woo!

> Would you mind pointing me in the right direction to how I might make type signatures and indicators as you describe.

https://github.com/bro/bro/tree/master/scripts/base/frameworks/files/magic

Any attention to those file detections would be great.  I would also like to start getting some tests in place that verify we are detecting these files correctly going into the future.  Feel free to ask if you have any questions.

  .Seth

--
Seth Hall
International Computer Science Institute
(Bro) because everyone has a network
http://www.bro.org/





More information about the Bro mailing list