[Oisf-users] Sample script to lookup md5sums against virustotal or others
Victor Julien
lists at inliniac.net
Wed Oct 16 17:45:58 UTC 2013
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 10/16/2013 05:35 PM, Cooper F. Nelson wrote:
> Is there a way to tell suricata to only log the details of files
> of certain types?
There are 2 types of logging. In the file-log module we
*unconditionally* log info about all files observed in HTTP, in
file-store we actually store the files themselves to disk. The
file-store output is controlled by the rule language, esp. the
"filestore" keyword.
https://redmine.openinfosecfoundation.org/projects/suricata/wiki/File_Extraction
https://redmine.openinfosecfoundation.org/projects/suricata/wiki/File-keywords
> On 10/16/2013 4:35 AM, Victor Julien wrote:
>> On 10/16/2013 11:33 AM, C. L. Martinez wrote:
>>> Hi all,
>>>
>>> I would like to lookup files and md5's files downloaded from
>>> our workstations with suricata (at first stage, exe, zips and
>>> pdf files) against virustotal or others.
>>>
>>> Any sample??
>
>> Check the contrib/file_processor directory in the source tar
>> ball.
>
- --
- ---------------------------------------------
Victor Julien
http://www.inliniac.net/
PGP: http://www.inliniac.net/victorjulien.asc
- ---------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iEYEARECAAYFAlJe0NYACgkQiSMBBAuniMe56wCeJi17wvEE2JXLd8/p9n4LwfY7
LZ8AmQFegwrrx2YmDv0fRAE+U/EEN1IL
=XvdD
-----END PGP SIGNATURE-----
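Since file-log records every HTTP file unconditionally, the type filter the thread asks about has to happen either in rules (the "filestore" keyword for the stored copies) or downstream, when the file-log output is consumed. The following script is an added example of the downstream approach and is not the contrib/file_processor script from the Suricata tarball. It reads file-log JSON lines, keeps only complete exe, zip and pdf files (by URL extension or by libmagic description, so a PDF served from a URL with no extension is still caught), de-duplicates the md5s, and prepares the VirusTotal v2 file/report query without sending it. The field names are assumed to follow the files-json.log layout of that era, the sample records are constructed, and the reputation lookup is injected so the same driver can be pointed at VirusTotal, a local hash set, or the stand-in table used here.

```python
#!/usr/bin/env python3
"""Filter Suricata file-log records by type and prepare md5 lookups.

Added example; not the contrib/file_processor script from the Suricata
tarball. Field names follow the files-json.log layout of that era as an
assumption; the sample records below are constructed, not captured.
"""
import json

# Constructed file-log records, one JSON object per line as file-log writes them.
# Record 3 has no extension but PDF magic; record 4 is incomplete (no md5);
# record 5 repeats record 1's hash.
SAMPLE_FILE_LOG = """\
{"id": 1, "timestamp": "10/16/2013-17:01:02.123456", "srcip": "10.0.0.5", "dstip": "203.0.113.10", "http_host": "downloads.example", "http_uri": "/setup.exe", "filename": "setup.exe", "magic": "PE32 executable (GUI) Intel 80386, for MS Windows", "state": "CLOSED", "md5": "0123456789abcdef0123456789abcdef", "stored": true, "size": 204800}
{"id": 2, "timestamp": "10/16/2013-17:01:05.000001", "srcip": "10.0.0.5", "dstip": "203.0.113.10", "http_host": "downloads.example", "http_uri": "/logo.png", "filename": "logo.png", "magic": "PNG image data, 64 x 64, 8-bit/color RGBA, non-interlaced", "state": "CLOSED", "md5": "ffffffffffffffffffffffffffffffff", "stored": false, "size": 3120}
{"id": 3, "timestamp": "10/16/2013-17:02:10.500000", "srcip": "10.0.0.7", "dstip": "198.51.100.20", "http_host": "files.example", "http_uri": "/report", "filename": "report", "magic": "PDF document, version 1.4", "state": "CLOSED", "md5": "89abcdef0123456789abcdef01234567", "stored": true, "size": 51200}
{"id": 4, "timestamp": "10/16/2013-17:03:00.000000", "srcip": "10.0.0.9", "dstip": "198.51.100.20", "http_host": "files.example", "http_uri": "/archive.zip", "filename": "archive.zip", "magic": "Zip archive data, at least v2.0 to extract", "state": "TRUNCATED", "md5": "", "stored": false, "size": 0}
{"id": 5, "timestamp": "10/16/2013-17:04:00.000000", "srcip": "10.0.0.5", "dstip": "203.0.113.10", "http_host": "downloads.example", "http_uri": "/setup.exe", "filename": "setup.exe", "magic": "PE32 executable (GUI) Intel 80386, for MS Windows", "state": "CLOSED", "md5": "0123456789abcdef0123456789abcdef", "stored": true, "size": 204800}
"""

WANTED_EXTENSIONS = {"exe", "zip", "pdf"}
# Substrings of the libmagic description that identify the same three types
# when the URL carries no telling extension.
WANTED_MAGIC = ("PE32", "Zip archive", "PDF document")


def parse_file_log(text):
    """Yield one dict per non-empty line; silently skip lines that are not JSON."""
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            yield json.loads(line)
        except ValueError:
            continue


def is_wanted(rec):
    """True when the record describes an exe, zip or pdf by extension or magic."""
    name = rec.get("filename") or ""
    ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""
    if ext in WANTED_EXTENSIONS:
        return True
    magic = rec.get("magic") or ""
    return any(m in magic for m in WANTED_MAGIC)


def collect_md5s(text):
    """Unique md5s of complete (state CLOSED) wanted files, in first-seen order.

    Suricata only has a usable md5 for files it saw in full, so truncated
    records are dropped rather than looked up with an empty hash.
    """
    seen = []
    for rec in parse_file_log(text):
        if rec.get("state") != "CLOSED" or not rec.get("md5"):
            continue
        if not is_wanted(rec):
            continue
        if rec["md5"] not in seen:
            seen.append(rec["md5"])
    return seen


def vt_report_request(md5, apikey):
    """URL and query parameters for a VirusTotal v2 file/report lookup.

    Built but not sent: nothing here touches the network. The endpoint and
    parameter names are those of the public v2 API; the key is a placeholder.
    """
    return ("https://www.virustotal.com/vtapi/v2/file/report",
            {"apikey": apikey, "resource": md5})


def lookup_all(md5s, lookup):
    """Map each md5 to lookup(md5); the lookup callable is injected."""
    return {h: lookup(h) for h in md5s}


# Constructed stand-in for a reputation source: hash -> detection count.
LOCAL_KNOWN_BAD = {"0123456789abcdef0123456789abcdef": 12}


def local_lookup(md5):
    return LOCAL_KNOWN_BAD.get(md5, 0)


if __name__ == "__main__":
    hashes = collect_md5s(SAMPLE_FILE_LOG)
    for h, hits in lookup_all(hashes, local_lookup).items():
        url, params = vt_report_request(h, "YOUR_API_KEY")
        print(f"{h}  local_hits={hits}  would query {url} resource={params['resource']}")
```

Run against a real files-json.log by replacing SAMPLE_FILE_LOG with the file contents and swapping local_lookup for a function that sends the prepared request; keeping the lookup injectable also makes it easy to check a local hash list first and only send unknown hashes to an external service.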