I am looking for a way to parse the User Agent string in bro.
Is anybody aware of any bro scripts which are similar in functionality to something like ua-parser-js (https://github.com/faisalman/ua-parser-js) or the ES user-agent ingest plugin (https://www.elastic.co/guide/en/elasticsearch/plugins/master/ingest-user-agent.html)?
Thanks in advance!
I have found this project: https://github.com/ua-parser/uap-core/blob/master/docs/specification.md. It should be possible to build a bro ua-parser based on it. But I do not want to reinvent the wheel and prefer to use an existing implementation, if any…
The only thing I am aware of is the software log (see https://www.bro.org/sphinx/scripts/base/frameworks/software/main.bro.html#type-Software::Info). If you need more functionality, this would be a good candidate for a bro package.
I’ve been wanting to port one of these types of things to Bro for a long time. That would be a great contribution if you wanted to take that on. I’m sure that a number of people would find it valuable. I don’t know of anyone in the community that has already done it.
Here you go: https://github.com/vitalyrepin/uap-bro
Installable through the bro package manager.
I hope it will be useful not only for my case.