[Bro] File extraction after checking hash.

Seth Hall seth at icir.org
Tue Oct 4 07:45:28 PDT 2016


> On Oct 4, 2016, at 10:42 AM, fatema bannatwala <fatema.bannatwala at gmail.com> wrote:
> 
> I think the following could be used to some extent for crude analyses of the file on the wire (please correct me if I'm wrong):
> 
> event: file_extraction_limit

That event is only if the maximum file size that you set for the file when you attached the extraction analyzer is about to be crossed.  You would still have to start extracting the file for this event to happen.

  .Seth

--
Seth Hall
International Computer Science Institute
(Bro) because everyone has a network
http://www.bro.org/
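
The dependency described in the reply above, as an added example that is not part of the original message: `file_extraction_limit` is only generated for files that already have the extraction analyzer attached with a limit. The names `initial_cap`, `hard_cap` and the `extract-` filename prefix are assumptions for illustration, and the handler signature follows the current Zeek documentation, so check the event declaration shipped with your release.

```bro
# Added example, not code from the thread or from the Bro project.
# initial_cap / hard_cap are hypothetical tunables with constructed values.
const initial_cap: count = 1048576 &redef;   # 1 MiB
const hard_cap: count = 10485760 &redef;     # 10 MiB

event file_new(f: fa_file)
	{
	# Extraction has to be attached first. Without this call the
	# file_extraction_limit event is never generated for the file.
	local fname = fmt("extract-%s", f$id);
	Files::add_analyzer(f, Files::ANALYZER_EXTRACT,
	                    [$extract_filename=fname, $extract_limit=initial_cap]);
	}

event file_extraction_limit(f: fa_file, args: Files::AnalyzerArgs,
                            limit: count, len: count)
	{
	# Raised when the next chunk of len bytes would cross the limit,
	# so part of the file is already on disk at this point.
	if ( limit < hard_cap )
		{
		# Allow extraction to continue up to the hard ceiling.
		FileExtract::set_limit(f, args, hard_cap);
		print fmt("file %s: raised extraction limit from %d to %d",
		          f$id, limit, hard_cap);
		}
	else
		# Leaving the limit unchanged stops extraction at this size.
		print fmt("file %s: extraction stops at %d bytes", f$id, limit);
	}
```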



