[Bro] Filemagic

Jon Siwek jsiwek at corelight.com
Thu Sep 6 08:23:54 PDT 2018


On Wed, Sep 5, 2018 at 7:54 PM Carl Rotenan <carlrotenan at gmail.com> wrote:

> Is there a way to dump all the file magic signatures and their corresponding strength in 2.5.5?

The information should all be available in the files at [1] and I'm
only aware of this way of getting Bro to dump related debug
information:

    bro -b --debug-rules base/frameworks/files/magic

Beyond that, you may have to do your own parsing or hack something in
to output in the format you want.

- Jon

[1] https://github.com/bro/bro/tree/v2.5.5/scripts/base/frameworks/files/magic
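
An added example, not part of the original post or the Bro project: one way to do "your own parsing" of the .sig files at [1] and list each signature's MIME type and strength, strongest first. It assumes each block has the form `signature <id> { file-mime "<type>"[, <strength>] / file-magic /<regex>/ }` with the closing brace at the start of a line; the function names and sample signatures are constructed for illustration.

```python
import re
import sys
from pathlib import Path

# Assumed layout: "signature <id> {" ... "}" with the closing brace at column 0.
SIG_RE = re.compile(r'signature\s+([\w-]+)\s*\{(.*?)^\}', re.S | re.M)
MIME_RE = re.compile(r'^\s*file-mime\s+"([^"]+)"(?:\s*,\s*(-?\d+))?', re.M)
MAGIC_RE = re.compile(r'^\s*file-magic\s+(/.*/)\s*$', re.M)

# Constructed sample signatures (not copied from the Bro tree).
SAMPLE = r'''
# comment lines are skipped
signature file-example-a {
	file-mime "application/x-example-a", 110
	file-magic /^EXMPLA\x00\x00/
}
signature file-example-b {
	file-mime "text/x-example-b"
	file-magic /^EXB.{4}end/
}
signature file-example-c {
	file-mime "image/x-example-c", 20
	file-magic /^\x89EXC/
}
'''

def parse_sigs(text):
    """Return (strength, mime, sig_id, magic) per file-mime signature."""
    lines = [l for l in text.splitlines() if not l.lstrip().startswith("#")]
    rows = []
    for sig_id, body in SIG_RE.findall("\n".join(lines)):
        mime = MIME_RE.search(body)
        if not mime:
            continue  # some other kind of signature
        magic = MAGIC_RE.search(body)
        strength = int(mime.group(2)) if mime.group(2) else None  # None: omitted
        rows.append((strength, mime.group(1), sig_id, magic.group(1) if magic else None))
    return rows

def rank(rows):
    """Strongest first; signatures without an explicit strength go last."""
    return sorted(rows, key=lambda r: (r[0] is None, -(r[0] or 0), r[1]))

if __name__ == "__main__":
    texts = [Path(p).read_text(errors="replace") for p in sys.argv[1:]] or [SAMPLE]
    for strength, mime, sig_id, magic in rank([r for t in texts for r in parse_sigs(t)]):
        print(f"{strength!s:>5}  {mime:<32} {sig_id:<24} {magic}")
```

Pass the .sig files from [1] as arguments to list them; with no arguments it runs on the constructed sample.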

