[Bro] Detecting remote powershell
James Lay
jlay at slave-tothe-box.net
Fri Mar 16 09:52:29 PDT 2018
Ah...ok well there it is...I'll get a bug report going as I see the
connection in conn.log, but nothing in http.log...thanks Seth!
James
On 2018-03-15 09:41, Seth Hall wrote:
> On 9 Mar 2018, at 15:54, James Lay wrote:
>
>> So any chance we can get 5985 added to the list of "http" ports to
>> parse, thank you.
>
> No need. Bro should automatically detect HTTP and add the analyzer.
> If it isn't working correctly then I think we can view that as a bug.
>
> .Seth
>
> --
> Seth Hall * Corelight, Inc * www.corelight.com
More information about the Bro
mailing list