[Bro] File extraction after checking hash.
fatema bannatwala
fatema.bannatwala at gmail.com
Tue Oct 4 07:57:41 PDT 2016
Hmm, got it! :)
On Tue, Oct 4, 2016 at 10:45 AM, Seth Hall <seth at icir.org> wrote:
>
> > On Oct 4, 2016, at 10:42 AM, fatema bannatwala <
> fatema.bannatwala at gmail.com> wrote:
> >
> > I think following could be used to some extent for crude analyses of the
> file on wire (please correct me if m wrong):
> >
> > event: file_extraction_limit
>
> That event is only if the maximum file size that you set for the file when
> you attached the extraction analyzer is about to be crossed. You would
> still have to start extracting the file for this event to happen.
>
> .Seth
>
> --
> Seth Hall
> International Computer Science Institute
> (Bro) because everyone has a network
> http://www.bro.org/
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20161004/24f031b8/attachment.html
More information about the Bro
mailing list