[Bro] Any thoughts on "Microsoft-CryptoAPI/10.0" user-agent?

Keith Lehigh klehigh at iu.edu
Tue Feb 21 06:40:40 PST 2017


Confirmed with a virtual machine I have running Windows 10.

- Keith

> On Feb 21, 2017, at 09:26, Seth Hall <seth at icir.org> wrote:
> 
> 
>> On Feb 21, 2017, at 8:40 AM, fatema bannatwala <fatema.bannatwala at gmail.com> wrote:
>> 
>> I am trying to figure out what Windows operating system version has
>> the user agent "Microsoft-CryptoAPI/10.0" when it accesses the Microsoft Certificate Revocation List (CRL).
>> 
>> I am seeing a good amount of these in software.log, where it ends up being "Unknown CryptoAPI Version" as the windows-version-detection.bro script doesn't have a mapping for that CryptoAPI.
> 
> I suspect this is Windows 10.  Can someone out there validate that suspicion so we can add that to the windows version detection script?
> 
>  .Set
> 
> --
> Seth Hall
> International Computer Science Institute
> (Bro) because everyone has a network
> http://www.bro.org/
