[Oisf-devel] filemd5?

Victor Julien victor at inliniac.net
Thu Feb 16 13:17:42 EST 2012

On 02/16/2012 05:59 PM, Martin Holste wrote:
> Regarding the Virustotal stuff, absolutely, though I don't think that
> should be OISF's job to code.  That's a great place to put a script to
> asynchronously handle the output from Suricata.  That's why a JSON
> output would be perfect for piping to something that can do all of the
> heavy-lifting and custom stuff in a script.  CIF, Virustotal, Cuckoo,
> DLP--those are all easy tasks if you've got an ever-growing JSON
> stream of md5's.

So this json stream would be a single log file / unix socket
continuously updated with the latest records? Your script would just tail
it and do its business?

Or are you looking for per file json files like how we do the .meta
files now?

Victor Julien
PGP: http://www.inliniac.net/victorjulien.asc
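
An added example, not part of the original message and not Suricata code: a consumer for the single continuously appended log file variant asked about above. It assumes one JSON object per line with hypothetical `filename` and `md5` fields, and shows the two cases a tailing script has to handle: a record that is still being written, and a rotated file.

```python
import json
import os

# Constructed lookup set; the entry is the MD5 of the EICAR test file.
KNOWN_BAD_MD5 = {"44d88612fea8a8f36de82e1278abb02f"}

def read_new_records(path, offset):
    """Return (records, new_offset) for complete JSON lines added since offset."""
    records = []
    # A file smaller than our saved offset was rotated or truncated: start over.
    if os.path.getsize(path) < offset:
        offset = 0
    with open(path, "rb") as fh:
        fh.seek(offset)
        while True:
            line = fh.readline()
            # No trailing newline means EOF or a record still being written;
            # leave the offset before it so the next poll re-reads it whole.
            if not line.endswith(b"\n"):
                break
            offset += len(line)
            try:
                rec = json.loads(line)
            except ValueError:
                continue  # skip a corrupt or blank line, keep consuming
            if isinstance(rec, dict):
                records.append(rec)
    return records, offset

def flag_known_bad(records, bad=KNOWN_BAD_MD5):
    """Return the records whose md5 field (assumed name) is in the lookup set."""
    return [r for r in records if str(r.get("md5", "")).lower() in bad]

if __name__ == "__main__":
    import sys
    import time
    pos = 0
    while True:  # poll the log the way `tail -f` would
        recs, pos = read_new_records(sys.argv[1], pos)
        for hit in flag_known_bad(recs):
            print("known-bad file:", hit)
        time.sleep(1)
```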
