Skip to content

jmcavinee/bro-drwatson

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

19 Commits
scripts
scripts
 
 
tests
tests
 
 
.gitmodules
.gitmodules
 
 
LICENSE
LICENSE
 
 
README.rst
README.rst
 
 
bro-pkg.meta
bro-pkg.meta
 
 

Repository files navigation

Dr. Watson script for Bro

Dr. Watson catcher script for Bro.

Overview

Microsoft sends diagnostic information back to themselves through a mechism named Dr. Watson. The initial "StageOne" is unencrypted and sent over HTTP so it's visible to Bro. This script takes the StageOne messages and parses all available information out of them to create a series of logs.

dr_watson_crash.log logs information whenever software crashes happen such as the application that crashed and why it crashed.

dr_watson_platform.log logs information about platforms discovered from watson messages which could include information about the system manufacturer and model.

This script also feed information to the "Hardware" Bro script that logs information about particular hardware discovered.

Installation

bro-pkg refresh
bro-pkg install bro/corelight/bro-drwatson

About

Dr. Watson catcher script for Bro.

Resources

Readme

License

BSD-3-Clause license
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages

  • Zeek 100.0%