[Bro] Stripping SSL on network level

Johanna Amann johanna at icir.org
Thu Dec 13 14:44:55 PST 2018


Hi,

> I was wondering if it is possible for bro to do monitoring at network level
> and also strip SSL from all the machines in network and log unencrypted
> data?

Bro itself does not support any kind of SSL/TLS decryption. If it is fed
unencrypted data (e.g. sitting behing a SSL terminator) it will happily
log it.

> Has something be done to achieve this or are there any plans?

There are no plans current plans that I know of to implement this.

Johanna


More information about the Bro mailing list