[Bro] user agent string data enrichment

Kris Secinfo krissecinfo at gmail.com
Thu Jan 5 09:03:52 PST 2017


All-
I am new to Bro, and am trying to find a way to "enrich" the user agent
string to a more readable format. Is there a way that Bro can read the
value that is in the user agent string, compare it to a table of known
strings and present the "readable" value in a new field?
For example, I would want Bro to see

Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/55.0.2883.87 Safari/537.36

and add a new field that reads something to the effect of "Google Chrome
Version 55.0.2883.87 m (64-bit)"

Thanks in advance for any new tips/starting points offered!
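
One way to get the lookup described above, as an added example that is not part of the original post or of the Bro project: it post-processes Bro's tab-separated http.log outside of Bro and appends a new column. The rule table, the `user_agent_readable` field name, the function names and the sample log lines are all assumptions constructed for illustration.

```python
import re

# Ordered rules (constructed for this example, not exhaustive).
# Order matters: Edge strings also contain "Chrome/".
RULES = [
    ("Microsoft Edge", re.compile(r"Edge/([\d.]+)")),
    ("Google Chrome", re.compile(r"Chrome/([\d.]+)")),
    ("Mozilla Firefox", re.compile(r"Firefox/([\d.]+)")),
]
ARCH_64 = re.compile(r"Win64|x64|x86_64")

def readable_user_agent(ua):
    """Return a readable label for a User-Agent value, or None if unknown."""
    for product, rx in RULES:
        m = rx.search(ua)
        if m:
            # Copy only captured digits/dots: the header is client-controlled.
            bits = " (64-bit)" if ARCH_64.search(ua) else ""
            return f"{product} Version {m.group(1)}{bits}"
    return None

def enrich_http_log(lines, new_field="user_agent_readable"):
    """Append new_field as the last column of a Bro TSV http.log."""
    out, ua_idx = [], None
    for line in lines:
        line = line.rstrip("\n")
        if line.startswith("#fields\t"):
            ua_idx = line.split("\t")[1:].index("user_agent")
            line += "\t" + new_field
        elif line.startswith("#types\t"):
            line += "\tstring"
        elif not line.startswith("#") and ua_idx is not None:
            ua = line.split("\t")[ua_idx]
            line += "\t" + (readable_user_agent(ua) or "-")  # "-" = unset
        out.append(line)
    return out

# Constructed sample: a cut-down http.log with only four of its columns.
SAMPLE_LOG = [
    "#separator \\x09",
    "#fields\tts\tuid\tid.orig_h\tuser_agent",
    "#types\ttime\tstring\taddr\tstring",
    "1483635832.000000\tCabc123\t192.0.2.10\tMozilla/5.0 (Windows NT 6.1; Win64; x64) "
    "AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36",
    "1483635833.000000\tCdef456\t192.0.2.11\tcurl/7.51.0",
]

if __name__ == "__main__":
    print("\n".join(enrich_http_log(SAMPLE_LOG)))
```

Unmatched agents get Bro's unset marker `-` rather than a guess, so unknown or forged strings remain visible in the original `user_agent` column.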