[Bro] SMTP attachments and files from other ports/protocols
James Lay
jlay at slave-tothe-box.net
Thu Jul 9 14:08:58 PDT 2015
On 2015-07-09 01:42 PM, Sanner, Daniel A wrote:
> Is there a script that exists or that can be modified to be able to
> capture/download attachments that are detected?
> Specifically, looking for SMTP attachments in e-mails. However, files
> in the Files.log could be helpful too.
> Right now, the best I can figure is that the SMTP log is just a copy
> of e-mail headers and nothing more.
> The files.log only has MD5 and/or SHA1 hashes, but no details about
> file name, type, or even the file itself.
> We had heard that there are tools out there like Bro (if not Bro
> itself) that can do this.
> If Bro has this capability, storage media requirements is not an
> issue.
> Any additional information that I can glean and add to the logs could
> be helpful.
>
> Thanks in advance,
> Dan
> _______________________________________________
> Bro mailing list
> bro at bro-ids.org
> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro
And you can look at what I just posted. I found it to be beneficial to
have a rough idea of what kind of files you want to extract out before
starting out.
James
More information about the Bro
mailing list