[Zeek] OS fingerprinting - p0f signature update
TQ
nothinrandom at gmail.com
Thu Jun 13 16:03:01 PDT 2019
Hello All,
I'd like to get the OS fingerprinting working. I see multiple methods to
do this, starting with
https://docs.zeek.org/en/stable/scripts/policy/frameworks/software/windows-version-detection.bro.html,
which requires the Microsoft Certificate Revocation List (CRL) event. It
was also noticed that there's p0f integration
https://github.com/bro/bro/blob/master/scripts/base/misc/p0f.fp which is
great, but it looks like it's using an old signature. Is there a way to
update this signature to the latest version (
https://github.com/p0f/p0f/blob/master/p0f.fp)? Copying the latest file
over crashes Zeek.
Thanks,