Hello All,
I’d like to get the OS fingerprinting working. I see multiple methods to do this, starting with https://docs.zeek.org/en/stable/scripts/policy/frameworks/software/windows-version-detection.bro.html, which requires the Microsoft Certificate Revocation List (CRL) event. It was also noticed that there’s p0f integration https://github.com/bro/bro/blob/master/scripts/base/misc/p0f.fp which is great, but it looks like it’s using old signature. Is there a way to update this signature to the latest version (https://github.com/p0f/p0f/blob/master/p0f.fp)? Copying the latest file over crashes Zeek.
Thanks,