[Bro] Does files.log generator recognize application/json file types?
Seth Hall
seth at icir.org
Thu Apr 2 21:21:07 PDT 2015
> On Apr 1, 2015, at 9:52 AM, Tim Molter <tim.molter at gmail.com> wrote:
>
> Does `files.log` generator recognize application/json file types, and if
> not, what could I modify to get that to work? What does the generator
> key into to make the decision?
It does not. Unfortunately JSON detection would be pretty difficult and fraught with false positives. If you have a regex that you’d like to suggest for matching JSON I’m sure some people could try it and we could find out if it’s resilient enough.
With Bro 2.3+ you can write your own file signatures that you can load in to try and sniff file mime types.
.Seth
--
Seth Hall
International Computer Science Institute
(Bro) because everyone has a network
http://www.bro.org/
More information about the Bro
mailing list