Timeline

36 check-ins

2010-12-17
04:01
[f93b081552] Leaf: A bit more work on autoruns script (user: sansforensics tags: trunk)
2010-12-15
04:26
[2a86484913] more work on autoruns, also added umount_all script (user: sansforensics tags: trunk)
2010-12-10
04:18
[72d1b2d8ae] First bit of work on trying to get an autorun dumping script. Got automounting script working though (user: sansforensics tags: trunk)
2010-12-08
16:13
[bb991aaf6c] Final-ish commit (user: david tags: trunk)
12:20
[d5ca8547f8] added exec_bro_single script (user: david tags: trunk)
2010-12-07
22:29
[9703d635c7] Fixed small problem with run_bro script (user: david tags: trunk)
22:11
[b5c72d429f] Everything almost totally mostly good :) - session IDs update from file to file (user: david tags: trunk)
2010-12-06
22:20
[c6ac1a09a3] working to update all ssn ids (user: david tags: trunk)
04:49
[718f4a7a4b] Finally got something that kind of works for writing to multiple pipes in proctest.py (user: david tags: trunk)
2010-12-03
15:44
[4fe4c4d098] Mostly kinda sorta fully functional?? (user: david tags: trunk)
15:29
[f6e2ec5fc4] Load data all working./run_bro.sh (user: david tags: trunk)
05:09
[7c2ca5adcd] Fixed up load-dv.sql, spent most of the night on that. Need to go back and tweak HTTP output, field enclosure can only be a single char, but separator can be a string (user: david tags: trunk)
01:23
[e63c70a898] changed name of sql file (user: david tags: trunk)
2010-12-02
21:14
[62506b95d7] SQL all laid out (user: david tags: trunk)
19:09
[1dc563445b] Full run through of run_bro shell script successful, can generate everything, ready to be loaded into DB (user: david tags: trunk)
05:20
[325760fedb] Scripts written to help automate running of things (user: david tags: trunk)
03:06
[468e690dfb] Bittorrent tracker added (user: david tags: trunk)
01:45
[f9c1dfef59] Removed smtp extractor. Don't think it's worth it at this point (user: david tags: trunk)
2010-12-01
21:46
[2547e0b34a] First stab at SMTP extractor - might end up recopying the whole thing in the end... (user: david tags: trunk)
05:10
[359fdf0ba1] More mods to ssl-dv - happy with it now. essentially complete duplicate of ssl.bro (user: david tags: trunk)
04:58
[3ad6d4ddd8] One first start at a version of ssl-dv. But probably going to change it. Don't like how it works here, too many different places where it writes to file (user: david tags: trunk)
04:19
[39370f1b7e] ftp meta data extractor done - for now. probably could use some more work (user: david tags: trunk)
2010-11-30
17:50
[c387d24f72] Changes made to dns - pretty much done (user: david tags: trunk)
2010-11-29
20:47
[c0c23f59fe] Entropy calculation now done for each connection as part of conn-dv. adu-dv.bro kept around for ref, but shouldn't be needed (user: david tags: trunk)
19:35
[9aa4e1b69d] Working on meta data output. related to ticket [52e76d1b66e76ca6125339a20adfb1db180d0e7a] (user: david tags: trunk)
16:07
[947ca3dd44] OS Fingerprinting added, redef'ed some events (user: david tags: trunk)
15:30
[c33da1c7ba] Entropy measures added to all HTTP outputs (user: david tags: trunk)
15:14
[5cfd774a64] Mostly finished work on HTTP meta data extraction. Dumps requests, replies and headers to three separate files with similar layouts (user: david tags: trunk)
13:00
[7430394ccb] First go at HTTP meta data bro policy. Still needs lots of work (user: david tags: trunk)
03:46
[d5109167e0] First bit of work on the dns meta data extraction policy script (user: david tags: trunk)
2010-11-24
04:41
[aa30899099] Done work for tonight. Got the basic bro script working, would like to add packet counts to it as well, but this should do fine for now (user: david tags: trunk)
2010-11-14
07:11
[6558dac49c] 'fixed' bro source directory. Had problems when configured and make - new files got created and some were deleted, even after a 'make clean' (user: dvessey tags: trunk)
06:21
[7b3c077ae5] Entropy function added to bro.bif (user: dvessey tags: trunk)
06:18
[fd18f596d6] Original bro 1.5.1 source code committed - no changes (user: dvessey tags: trunk)
05:02
[1b38aa3208] Initial commit with dns_meta script (user: dvessey tags: trunk)
03:33
[7206e2f2f5] initial empty check-in (user: david tags: trunk)