Closed (glwallum closed 4 years ago)
Thank you for bringing that to my attention. Good catch. The file 'bzar_files.bro' does not perform any checks against the whitelists. Oversight on my part. I can add those checks soon.
I added a whitelist check to 'bzar_files.bro' to skip file extraction and/or to skip reporting that a file was extracted. This should remedy the issue.
Hello,
I am excluding addresses using the bzar_config_options.bro.
The attack_lm_extracted_file_whitelist_orig_addrs is not correctly excluding IP addresses, and we are still receiving alerts for ones which are in the set.