[Bro] Extract only certain files types

Fernandez, Mark I mfernandez at mitre.org
Fri Feb 16 03:47:57 PST 2018

Previous message: [Bro] Extract only certain files types
Next message: [Bro] Bro training/ brocon
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Ambros,

>> What should the extract-all-files.bro look like in order to
>> only extract pdf, exe, doc and docx?

The fa_metadata record contains the MIME type.  Using the MIME type, you can make a condition on whether or not to extract the file.

Mark

Previous message: [Bro] Extract only certain files types
Next message: [Bro] Bro training/ brocon
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the Bro mailing list