[Bro] When is the file hash value available for the X509 certificate?
Johanna Amann
johanna at icir.org
Thu Dec 6 10:38:57 PST 2018
Unless I am forgetting something big - not all that complicated... for
some measure of complicated. It might need extending a few records to have
the data in the right place... I would try doing it similarly to how the
certificate subject is currently put into ssl.log.
Johanna
On Thu, Dec 06, 2018 at 12:58:32PM -0500, Michał Purzyński wrote:
> Yeah, it works for me. How complicated would it be to add everything to the ssl log, out of curiosity?
>
> > On Dec 6, 2018, at 10:05 AM, Johanna Amann <johanna at icir.org> wrote:
> >
> > Hi Michal,
> >
> >> Ideally I would just add that hash to the x509 as an extra field and
> >> have the best of both worlds (and possibly the fuid as well).
> >
> > One small additional question here - does the solution that you have now
> > satisfy this, or did you want the information in some other log-file (e.g.
> > ssl.log)?
> >
> > Johanna
>
More information about the Bro
mailing list