[Bro] SFTP analysis

Johanna Amann johanna at icir.org
Mon Apr 11 13:46:49 PDT 2016


That is for copying Bro log files to another host via sftp, not for 
parsing sftp sessions, sorry.

Unless that is what you originally asked for :)

Johanna

On 11 Apr 2016, at 22:21, john smith wrote:

> Thanks Johanna!
>
> There is a builtin script /bro/frameworks/logging/postprocessors/sftp.bro.
> Can that be used and how? Thanks.
>
> John
>
> On Fri, Apr 1, 2016 at 1:52 AM, Johanna Amann <johanna at icir.org> wrote:
>
>> Hello John,
>>
>> On Thu, Mar 31, 2016 at 09:25:42AM -0700, john smith wrote:
>>> Does anyone know if Bro supports SFTP? Thanks in advance.
>>
>> Bro supports and gives information about SSH; since SFTP traffic is just
>> encapsulated inside the encrypted SSH session, there is not really much
>> more that we can do.
>>
>> I hope this helps,
>>  Johanna
>>

