log-add-http-post-bodies

https://github.com/corelight/log-add-http-post-bodies
7 14 9 1 Last Push 12/1/21, 2:04 AM

Add POST body excerpt to the HTTP log

This script gives analysts the ability to peek into what is being sent in HTTP POST bodies. It provides this by simply extending the HTTP log.

Installation

bro-pkg refresh
bro-pkg install corelight/log-add-http-post-bodies

Usage

The HTTP log will have a new field named post_body which will be populated
with a configurable amount of data from the beginning of every seen POST body.

Package Version :

Description :

Add a POST body excerpt into the HTTP log

Script Dir :

scripts

Tags :

http log extend