[Bro] files.log

erik clark philosnef at gmail.com
Thu Sep 29 04:22:49 PDT 2016


According to splunk/files.log, these list "pe_xor, md5, sha1, sha256" in
the analyzer section. It's actually a lot more than that, and slight
variations. Generally speaking, almost every entry is a variant of those 4
analyzers. Could this be an issue with the pe_xor module? Moreover, files
that we have filenames for (f.txt from google for instance) have the same
analyzers running as well.

On Wed, Sep 28, 2016 at 10:16 PM, Seth Hall <seth at icir.org> wrote:

>
> > On Sep 28, 2016, at 1:50 PM, erik clark <philosnef at gmail.com> wrote:
> >
> > 98% of all entries in our files.log are null values. Is this to be
> expected?
>
> What analyzers are the files coming from?
>
>   .Seth
>
> --
> Seth Hall
> International Computer Science Institute
> (Bro) because everyone has a network
> http://www.bro.org/
>
>
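Added example, not code from the thread or from Bro: a small Python parser for a Bro ASCII files.log that honours the #separator, #set_separator, #unset_field and #empty_field header directives, then answers the two questions raised above: which columns are unset ("-") and how often, and which distinct analyzer sets occur once member order is ignored (Bro set columns are unordered, so the same four analyzers can be printed in several orders and look like "slight variations"). It also lists records where a hash analyzer appears in the analyzers column but the matching digest column is unset. The sample log, the fuids, the digests and the PE_XOR tag are constructed to match the description in the post; they are not real data, and only a subset of the real files.log columns is included.

```python
"""Summarise a Bro ASCII files.log: unset columns and distinct analyzer sets.

Added example; not code from the mailing-list thread or from Bro. The sample
log below is constructed to look like Bro 2.x files.log output (subset of the
real columns) and uses a hypothetical PE_XOR analyzer tag as in the post.
"""
from collections import Counter


def _row(*cols):
    """Join columns with a tab, the Bro default field separator."""
    return "\t".join(cols)


# Constructed sample. Header directives are written the way Bro writes them;
# only the first one uses a space and an escaped separator instead of a tab.
SAMPLE_FILES_LOG = "\n".join([
    "#separator \\x09",
    _row("#set_separator", ","),
    _row("#empty_field", "(empty)"),
    _row("#unset_field", "-"),
    _row("#path", "files"),
    _row("#fields", "ts", "fuid", "source", "analyzers", "mime_type", "filename",
         "seen_bytes", "missing_bytes", "md5", "sha1", "sha256"),
    _row("#types", "time", "string", "string", "set[string]", "string", "string",
         "count", "count", "string", "string", "string"),
    # fully seen executable: all three digests present (constructed values)
    _row("1475064169.100000", "FaBc1d2e3f4g5h6i7", "HTTP", "MD5,SHA1,SHA256,PE_XOR",
         "application/x-dosexec", "update.exe", "40960", "0",
         "3f786850e387550fdab836ed7e6dc881", "3f786850e387550fdab836ed7e6dc881f3f2b02c",
         "87428fc522803d31065e7bce3cf03fe475096631e5e07bbd7a0fde60c4cf25c7"),
    # same four analyzers in another member order, bytes missing, no digests
    _row("1475064170.200000", "FbCd2e3f4g5h6i7j8", "HTTP", "SHA256,PE_XOR,MD5,SHA1",
         "-", "f.txt", "1024", "512", "-", "-", "-"),
    _row("1475064171.300000", "FcDe3f4g5h6i7j8k9", "HTTP", "PE_XOR,SHA1,MD5,SHA256",
         "-", "-", "0", "2048", "-", "-", "-"),
    # certificate: a different analyzer set, no hash analyzers attached
    _row("1475064172.400000", "FdEf4g5h6i7j8k9l0", "SSL", "X509",
         "application/pkix-cert", "-", "1250", "0", "-", "-", "-"),
    # no analyzer attached at all: Bro writes the empty-set marker, not '-'
    _row("1475064173.500000", "FeFg5h6i7j8k9l0m1", "SMTP", "(empty)",
         "-", "-", "0", "0", "-", "-", "-"),
])


def parse_bro_log(text):
    """Parse a Bro ASCII log. Returns (fields, directives, rows); rows are dicts
    with unset fields mapped to None and empty fields to ""."""
    hdr = {"separator": "\t", "set_separator": ",",
           "unset_field": "-", "empty_field": "(empty)"}
    fields, rows = [], []
    for line in text.splitlines():
        if not line:
            continue
        if line.startswith("#separator "):
            # e.g. '#separator \x09': the value is backslash-escaped text
            hdr["separator"] = line.split(" ", 1)[1].encode().decode("unicode_escape")
            continue
        sep = hdr["separator"]
        if line.startswith("#"):
            name, _, value = line[1:].partition(sep)
            if name == "fields":
                fields = value.split(sep)
            hdr[name] = value
            continue
        cols = line.split(sep)
        if len(cols) != len(fields):
            raise ValueError("record has %d columns, #fields has %d" % (len(cols), len(fields)))
        rows.append({f: None if v == hdr["unset_field"] else "" if v == hdr["empty_field"] else v
                     for f, v in zip(fields, cols)})
    return fields, hdr, rows


def split_set(value, set_sep=","):
    """Members of a Bro set column; unset and (empty) both give an empty set."""
    return frozenset(value.split(set_sep)) if value else frozenset()


def unset_rate_by_field(fields, rows):
    """Fraction of records in which each column is unset ('-')."""
    n = len(rows)
    return {f: sum(r[f] is None for r in rows) / n for f in fields} if n else {}


def analyzer_set_counts(rows, set_sep=","):
    """Distinct analyzer sets and their frequency, ignoring member order."""
    return Counter(split_set(r["analyzers"], set_sep) for r in rows)


def hash_analyzer_without_digest(rows, set_sep=","):
    """(fuid, tag) for records that list a hash analyzer but have no digest.
    Bro's hash analyzer gives up on a gap in the stream (missing_bytes > 0),
    so the column stays '-' even though the analyzer is listed."""
    found = []
    for r in rows:
        tags = split_set(r["analyzers"], set_sep)
        for tag in ("MD5", "SHA1", "SHA256"):
            if tag in tags and r.get(tag.lower()) is None:
                found.append((r.get("fuid"), tag))
    return found


def summarize(text=SAMPLE_FILES_LOG):
    """Run all three checks over one log and return the results."""
    fields, hdr, rows = parse_bro_log(text)
    set_sep = hdr["set_separator"]
    return {"records": len(rows),
            "unset_rate": unset_rate_by_field(fields, rows),
            "analyzer_sets": analyzer_set_counts(rows, set_sep),
            "missing_digests": hash_analyzer_without_digest(rows, set_sep)}


if __name__ == "__main__":
    s = summarize()
    print("%d records" % s["records"])
    for f, rate in sorted(s["unset_rate"].items(), key=lambda kv: -kv[1]):
        print("  %-14s unset in %3.0f%% of records" % (f, 100 * rate))
    for tags, n in s["analyzer_sets"].most_common():
        print("  %d x %s" % (n, ",".join(sorted(tags)) or "(empty)"))
    for fuid, tag in s["missing_digests"]:
        print("  %s: %s listed in analyzers but digest unset" % (fuid, tag))
```

Point `summarize()` at the text of a real files.log (or pipe one in) to get the same three reports for production data; the member-order normalisation in `analyzer_set_counts` is what collapses the apparent variants into the true set of distinct analyzer combinations, and the per-column unset rate separates "the analyzers ran but produced nothing" from "the file was never seen completely".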

