[Bro] Enable ssh detection?
rahul rakesh
rahulbroids at gmail.com
Mon Sep 24 05:35:21 PDT 2018
Hi Jon,
Thank you.
Made the changes in Bro 2.5.3 as you suggested,it is working fine.
One more thing, to execute the detect-MHR.bro file located in
frameworks/files folder,
I think some pdf is required to test it. So, Can you suggest me where
can i get pdf file?.
with regards
ravi
On Thu, Sep 20, 2018 at 10:45 PM Jon Siwek <jsiwek at corelight.com> wrote:
> On Thu, Sep 20, 2018 at 4:52 AM rahul rakesh <rahulbroids at gmail.com>
> wrote:
>
> > When log-sample.bro is executed with newssh3aes.pcapng file, only
> ssh_client_version
> > event is generated,but other two ssh events such as
> "ssh_auth_successful" and "ssh_auth_failed"
> > are not generated.
>
> Thanks for explaining. One thing I noticed is that there's a
> difference in events generated between Bro 2.5.5 and 2.6-beta, with
> the later raising more events. The patch that results in the
> difference is at [1] in case you want to try to apply it or else I'd
> suggest trying out the beta version.
>
> - Jon
>
> [1]
> https://github.com/bro/bro/commit/7e374f8c3f800b7fc2cdd4cf36dab753d3013754
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20180924/6700daec/attachment.html
More information about the Bro
mailing list