[Bro] Comparing file details and connection details at the same time

John B. Althouse III sudo.darkstar at gmail.com
Thu Jan 12 15:34:15 PST 2017


Brograming question;

I want my script to look at the conn details of an SSL session, orig_h,
resp_h, etc. and also look at specific file details for that session,
x509::certificate.sig_alg.

How do I correlate the two in a Bro script since Bro handles connections
and files separately?

My thought process was to use 'event ssl_established' since it would have
most of what I want but it doesn't have x509 file details like the
certificate.sig_alg and I wasn't able to find the event that would contain
both.

Anyone know how I can do this?
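
One way to do the correlation asked about above, as an added example that is not part of the original post: in `ssl_established`, the connection's `c$ssl$cert_chain` holds the file records for the certificates seen on that session, and each record carries the parsed X.509 fields. The module name, notice type and `weak_sig_algs` set are assumptions chosen for illustration.

```bro
# Added example, not from the original post. SSLSigAlg, Weak_Sig_Alg and
# weak_sig_algs are hypothetical names chosen for illustration.
@load base/frameworks/notice
@load base/protocols/ssl
@load base/files/x509

module SSLSigAlg;

export {
    redef enum Notice::Type += {
        ## Server leaf certificate signed with an algorithm in weak_sig_algs.
        Weak_Sig_Alg
    };

    ## Signature algorithm names as Bro reports them (OpenSSL long names).
    const weak_sig_algs: set[string] = {
        "md5WithRSAEncryption",
        "sha1WithRSAEncryption"
    } &redef;
}

event ssl_established(c: connection)
    {
    # Resumed sessions carry no certificates, so the chain can be absent or empty.
    if ( ! c?$ssl || ! c$ssl?$cert_chain || |c$ssl$cert_chain| == 0 )
        return;

    # cert_chain holds one Files::Info per certificate; index 0 is the server leaf.
    local leaf = c$ssl$cert_chain[0];
    if ( ! leaf?$x509 )
        return;

    local cert = leaf$x509$certificate;

    # Connection details (c$id) and certificate details (cert) are both in scope.
    if ( cert$sig_alg in weak_sig_algs )
        NOTICE([$note=Weak_Sig_Alg, $conn=c,
                $msg=fmt("%s -> %s: cert %s signed with %s",
                         c$id$orig_h, c$id$resp_h, cert$subject, cert$sig_alg),
                $identifier=cat(c$id$resp_h, cert$sig_alg)]);
    }
```

Going the other direction, a handler for `x509_certificate` can reach the connections that carried the certificate through `f$conns`.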