[Bro] Enable ssh detection?
Jon Siwek
jsiwek at corelight.com
Thu Sep 20 10:15:24 PDT 2018
On Thu, Sep 20, 2018 at 4:52 AM rahul rakesh <rahulbroids at gmail.com> wrote:
> When log-sample.bro is executed with newssh3aes.pcapng file, only ssh_client_version
> event is generated,but other two ssh events such as "ssh_auth_successful" and "ssh_auth_failed"
> are not generated.
Thanks for explaining. One thing I noticed is that there's a
difference in events generated between Bro 2.5.5 and 2.6-beta, with
the later raising more events. The patch that results in the
difference is at [1] in case you want to try to apply it or else I'd
suggest trying out the beta version.
- Jon
[1] https://github.com/bro/bro/commit/7e374f8c3f800b7fc2cdd4cf36dab753d3013754
More information about the Bro
mailing list