[Bro] SMB Language
Izik.Birka at hot.net.il
Tue Feb 14 07:11:39 PST 2017
Can I add utf-8 encoding to bro ?
Is there other option ?
I'm forward the log file to SIEM system , and it's not readable in that way
From: Azoff, Justin S [mailto:jazoff at illinois.edu]
Sent: Tuesday, February 14, 2017 4:16 PM
To: Izik Birka <Izik.Birka at hot.net.il>
Cc: bro at bro.org
Subject: Re: [Bro] SMB Language
> On Feb 14, 2017, at 2:36 AM, Izik Birka <Izik.Birka at hot.net.il> wrote:
> Just enable SMB analyzer , works great
> I have a problem with the Hebrew language , it's looks like it's not supported , I'm getting this files name in log file :
> Test\hello\\\xd7\x92\xd7\x99\xd7\x95\xd7\x9c \xd7\x9b\xd7\x9e\xd7\x95\xd7\xaa\xd7\x99.csv
> The \\\xd7\x92\xd7\x99\xd7\x95\xd7\x9c - is Hebrew words
> is there a way to fix it ?
That's just an escaped utf-8 string:
>>> s='Test\hello\\\xd7\x92\xd7\x99\xd7\x95\xd7\x9c \xd7\x9b\xd7\x9e\xd7\x95\xd7\xaa\xd7\x99.csv'
>>> print s
(or in python3)
>>> s=b'Test\hello\\\xd7\x92\xd7\x99\xd7\x95\xd7\x9c \xd7\x9b\xd7\x9e\xd7\x95\xd7\xaa\xd7\x99.csv'
- Justin Azoff
This message (including any attachments) is intended only for the use of the individual or entity to which it is addressed and may contain materials protected by copyright or information that is non-public, proprietary, privileged, confidential, and exempt from disclosure under applicable law or agreement.
If you are not the intended recipient, you are hereby notified that any use, dissemination, distribution, or copying of this communication is strictly prohibited. If you have received this communication by error, notify the sender immediately and delete this message immediately.
More information about the Bro