[Zeek] File extraction package
Kayode Enwerem
Kayode_Enwerem at ao.uscourts.gov
Mon Apr 27 14:08:08 PDT 2020
Hello,
We are trying to do some customization to the file extraction package https://github.com/hosom/file-extraction
Does anyone have any suggestions on how I can get any of these done?
1. Is there a way to define what network you want the "file extracting package" to extract the files from, instead of extracting files from all the networks defined in network.cfg? Example: if I have 7 subnets defined in network.cfg but I only want the file extracting package to extract files from 2 out of the 7.
2. Is there a way to dedup the extracted files? Example: if a file was sent to 20 people, I only want to see the file 1 time instead of 20 times.
3. We would also like to exclude certain file types coming via SMB. Example: instead of excluding all .pdf files, I just want to exclude .pdf files coming via SMB.
Zeek version we are running is 3.0.3.
Thanks in advance.