[Bro] Any thoughts on "Microsoft-CryptoAPI/10.0" user-agent?
fatema bannatwala
fatema.bannatwala at gmail.com
Tue Feb 21 05:40:50 PST 2017
Hello,
I am trying to figure out what Windows operating system version have
the user agent "Microsoft-CryptoAPI/10.0" when it accesses Microsoft
Certificate Revocation List (CRL).
I am seeing good amount of these in software.log, where it ends up being
"Unknown CryptoAPI Version" as the windows-version-detection.bro script
doesn't have a mapping for that CryptoAPI.
Therefore was thinking if anyone knows more about this user agent and what
information we can
infer about the OS from it.
Appreciate the help.
Thanks,
Fatema.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20170221/a7c24509/attachment.html
More information about the Bro
mailing list