Skip to content

sethhall/unknown-mime-type-discovery

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

4 Commits
scripts
scripts
 
 
LICENSE
LICENSE
 
 
README.rst
README.rst
 
 
zkg.meta
zkg.meta
 
 

Repository files navigation

Unknown MIME Type Discovery

This package is for Zeek to help network analysts improve Zeek by using their network to discover unknown file types. It does this by creating a log named unknown_mime_type_discovery.log that will log a configurable amount of data from the beginning of any files not found to already have a file type detection signature in Zeek.

Installation

zkg refresh
zkg install sethhall/unknown-mime-type-discovery

Configuration

If you would like to log a different amount of the beginning of files with unknown mime types you can use the following configuration option in local.zeek or another script you are loading. The default is to log 1000 bytes.

redef UnknownMimeTypeDiscovery::max_content_extraction = 250;

About

Zeek package for logging snippets of files without discovered mime types

Resources

Readme

License

View license
Activity

Stars

2 stars

Watchers

2 watching

Forks

2 forks
Report repository

Releases 1

First formal release Latest
Aug 9, 2021

Contributors

Languages