[Bro] using bro for file extraction

Hyun Yoo easetheworld at gmail.com
Mon Aug 31 14:33:45 PDT 2015


Look at 'scripts/base/protocols/conn/contents.bro' for example. That
extracts sessions and saves to disks.

On Sep 1, 2015, at 4:22 AM, "Earl Eiland" <earl.eiland at root9b.com> wrote:

> I want to use bro to extract files for external analysis.
> Bro::FileDataEvent appears to be the proper approach.  However, I’m not
> finding the event to write a script for, nor do I know how to write to
> anything other than a log file.
>
> Please advise!
>
> Best Regards,
>
> Earl Eiland,
> Sr. Cyber Security Engineer,
> Emerging Technologies, root9B,
> San Antonio, Texas
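
One way to write transferred files to disk for external analysis, using Bro's file analysis framework (`Files::ANALYZER_EXTRACT`) rather than the connection-contents script named in the reply. This is an added example, not part of the thread; it assumes Bro 2.4 script syntax (the `file_sniff` event), and the module name, MIME type set, size limit and filename pattern are illustrative assumptions.

```bro
# Added example (not from the thread). Assumes Bro 2.4, where MIME
# detection results are delivered through the file_sniff event.
@load base/frameworks/files
@load base/files/extract

module ExtractForAnalysis;   # hypothetical module name

export {
    ## MIME types worth handing to an external analyzer (assumed set).
    const wanted_mime_types: set[string] = {
        "application/x-dosexec",
        "application/pdf",
        "application/zip",
        "application/java-archive",
    } &redef;

    ## Stop writing after this many bytes per file, so a single large
    ## transfer cannot fill the sensor's disk (assumed value).
    const max_bytes: count = 20 * 1024 * 1024 &redef;
}

# Directory extracted files are written under, relative to Bro's
# working directory.
redef FileExtract::prefix = "./extract_files/";

event file_sniff(f: fa_file, meta: fa_metadata)
    {
    # Skip files whose type could not be determined or is not wanted.
    if ( ! meta?$mime_type || meta$mime_type !in wanted_mime_types )
        return;

    # Build the name only from values Bro generates: f$source is the
    # protocol analyzer (HTTP, SMTP, ...) and f$id is the unique file
    # ID that appears as "fuid" in files.log. No sender-supplied
    # filename is used, so the on-disk path is never attacker-chosen.
    local fname = fmt("%s-%s.bin", f$source, f$id);

    Files::add_analyzer(f, Files::ANALYZER_EXTRACT,
                        [$extract_filename=fname,
                         $extract_limit=max_bytes]);
    }
```

The `fuid` in each extracted filename can be joined against files.log to recover the connection, MIME type and hashes for the sample before it is handed to the external analysis system.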