[Bro] Raw (eml) Email Extraction Bro 2.4
V. Garramone
vgarramone at gmail.com
Thu Sep 3 09:39:23 PDT 2015
Hi Everyone,
I would like to do full email extraction (eml) to file from SMTP traffic;
should this happen naturally with the new file extraction framework?
I found this exchange from a while back, but haven't found anything more
recent on the topic:
http://mailman.icsi.berkeley.edu/pipermail/bro/2014-July/007224.html
I'm currently using Bro 2.4 and a script pretty similar to this one for
file extraction:
https://github.com/Security-Onion-Solutions/securityonion-bro-scripts/blob/master/file-extraction/extract.bro
It looks like I'm getting the message content and attachments, but
apparently not the raw email.
Any tips would be greatly appreciated!
Thanks very much,
VG