This is a very neat policy for sure!!

On Mon, Nov 03, 2014 at 12:56:07PM -0600, grigorescu (JIRA) wrote:
>
> [ https://bro-tracker.atlassian.net/browse/BIT-1286?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18702#comment-18702 ]
>
> grigorescu commented on BIT-1286:
> ---------------------------------
>
> Forgot to mention the branch :-). It's in topic/vladg/cryptoapi
>
> > Add policy script for Windows version detection via CryptoAPI HTTP Traffic
> > --------------------------------------------------------------------------
> >
> > Key: BIT-1286
> > URL: https://bro-tracker.atlassian.net/browse/BIT-1286
> > Project: Bro Issue Tracker
> > Issue Type: New Feature
> > Components: Bro
> > Affects Versions: git/master
> > Reporter: grigorescu
> >
> > Windows systems access a Microsoft Certificate Revocation List (CRL)
> > periodically. The user agent for these requests reveals which version of
> > Crypt32.dll is installed on the system, which can uniquely identify the
> > version of Windows that's running.
> > This branch adds a Software framework policy script that will log the
> > version of Windows that was identified.
>
> --
> This message was sent by Atlassian JIRA
> (v6.4-OD-09-005#64005)
> _______________________________________________
> bro-dev mailing list
> bro-dev@bro.org
> http://mailman.icsi.berkeley.edu/mailman/listinfo/bro-dev

--
Aashish Sharma (asha...@lbl.gov)
Cyber Security, Lawrence Berkeley National Laboratory
http://go.lbl.gov/pgp-aashish
Office: (510)-495-2680 Cell: (510)-612-7971
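
The detection described in the quoted issue, as an added Python example that is not part of the original message and is not the code in topic/vladg/cryptoapi: it reads HTTP log records, picks out `Microsoft-CryptoAPI/...` user agents, and builds a per-host Windows inventory. The version table, the three-column record layout and the sample records are assumptions constructed for illustration; the table uses the well-known NT version and build numbers.

```python
import re

# Assumed mapping (not taken from the branch): the CryptoAPI version tracks
# the NT version/build of Crypt32.dll, so well-known NT numbers are used here.
NT_VERSIONS = {
    "6.0": "Windows Vista / Server 2008",
    "6.1": "Windows 7 / Server 2008 R2",
    "6.2": "Windows 8 / Server 2012",
    "6.3": "Windows 8.1 / Server 2012 R2",
}
# Pre-Vista agents look like 5.131.<build>.<revision>; the build names the OS.
LEGACY_BUILDS = {
    "2195": "Windows 2000",
    "2600": "Windows XP",
    "3790": "Windows Server 2003 / XP x64",
}
UA_RE = re.compile(r"^Microsoft-CryptoAPI/(\d+(?:\.\d+)*)$")

def windows_version(user_agent):
    """Return the Windows version implied by a CryptoAPI User-Agent, or None."""
    m = UA_RE.match(user_agent.strip())
    if not m:
        return None
    parts = m.group(1).split(".")
    if parts[:2] == ["5", "131"] and len(parts) >= 3:
        return LEGACY_BUILDS.get(parts[2])
    return NT_VERSIONS.get(".".join(parts[:2]))

def inventory(log_lines):
    """Map each client IP to the set of Windows versions seen for it."""
    seen = {}
    for line in log_lines:
        fields = line.rstrip("\n").split("\t")
        if line.startswith("#") or len(fields) < 3:
            continue  # header, blank or malformed record
        version = windows_version(fields[2])
        if version:
            seen.setdefault(fields[1], set()).add(version)
    return seen

# Constructed sample records: ts, id.orig_h, user_agent (tab-separated).
SAMPLE = [
    "#fields\tts\tid.orig_h\tuser_agent",
    "1415040967.1\t10.0.0.5\tMicrosoft-CryptoAPI/6.1",
    "1415040968.2\t10.0.0.7\tMicrosoft-CryptoAPI/5.131.2600.5512",
    "1415040969.3\t10.0.0.9\tMozilla/5.0 (Windows NT 6.1; rv:33.0)",
]

if __name__ == "__main__":
    print(inventory(SAMPLE))
```

A set is kept per address because several Windows hosts behind one NAT or proxy address will report different versions.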