[Oisf-users] Oisf-users Digest, Vol 91, Issue 19

erik clark philosnef at gmail.com
Tue Jun 27 18:53:35 UTC 2017 

No, you can't get the filename, because content such as http streams may
not have a filename whatsoever. If the name of the file is being dictated
by the user when a link or the like is clicked (via http for example),
there is no associated metadata for which it can be determined. Bro can do
this to a degree, so you may want to look at that to supplement your suri
coverage.


On Tue, Jun 27, 2017 at 12:00 PM, <
oisf-users-request at lists.openinfosecfoundation.org> wrote:

> Send Oisf-users mailing list submissions to
>         oisf-users at lists.openinfosecfoundation.org
>
> To subscribe or unsubscribe via the World Wide Web, visit
>         https://lists.openinfosecfoundation.org/
> mailman/listinfo/oisf-users
> or, via email, send a message with subject or body 'help' to
>         oisf-users-request at lists.openinfosecfoundation.org
>
> You can reach the person managing the list at
>         oisf-users-owner at lists.openinfosecfoundation.org
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of Oisf-users digest..."
>
>
> Today's Topics:
>
>    1. File extraction - keep file name/extension? (Brian Hennigar)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Tue, 27 Jun 2017 11:53:43 -0300
> From: Brian Hennigar <bhennigar at gmail.com>
> To: "oisf-users at lists.openinfosecfoundation.org"
>         <oisf-users at lists.openinfosecfoundation.org>
> Subject: [Oisf-users] File extraction - keep file name/extension?
> Message-ID:
>         <CAOLP4yopMHsTvJrtEtOabQZhr_u73oyH1j3XP6znOijuu68CJA at mail.
> gmail.com>
> Content-Type: text/plain; charset="utf-8"
>
> Hi,
>
> When using file extraction, is it possible to keep the original file name
> instead of file.<id> and file.<id>.meta?   Or to avoid having files with
> the same name, something like file.<id>.extension
>
>
>
> Thanks,
> Brian
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/
> attachments/20170627/c08bbbe9/attachment-0001.html>
>
> ------------------------------
>
> Subject: Digest Footer
>
> _______________________________________________
> Oisf-users mailing list
> Oisf-users at lists.openinfosecfoundation.org
> https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
>
>
> ------------------------------
>
> End of Oisf-users Digest, Vol 91, Issue 19
> ******************************************
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20170627/2b1e4357/attachment.html>

More information about the Oisf-users mailing list