[Bro] bro files - network drive
vladg at illinois.edu
Tue May 16 09:43:31 PDT 2017
Izik Birka <Izik.Birka at hot.net.il> writes:
> Why, when I only search for a file on the network drive, are all the files on
> the network drive written to files.log?
I'm assuming you mean over SMB? More data than just file transfers is
logged because it can be useful for incident response.
> How can I detect a real file transfer?
Take a look at the total_bytes and seen_bytes fields.
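
The following is an added example, not part of the original message or of the Bro project's code. It reads a files.log in Bro's tab-separated layout and compares seen_bytes with total_bytes for SMB records. The sample rows are constructed, and the labels reflect an assumed reading of the advice above: a record with no bytes seen is treated as not being a real transfer.

```python
# Added example: column subset of Bro's files.log; all rows are constructed.
SAMPLE_LOG = "\n".join([
    "#separator \\x09",
    "#path\tfiles",
    "#fields\tfuid\tsource\tfilename\tseen_bytes\ttotal_bytes",
    "#types\tstring\tstring\tstring\tcount\tcount",
    "Fa1\tSMB\treport.docx\t0\t48231",
    "Fa2\tSMB\tbudget.xlsx\t48231\t48231",
    "Fa3\tSMB\tbackup.zip\t1024\t90000",
    "Fa4\tSMB\tnotes.txt\t512\t-",
    "Fa5\tHTTP\tindex.html\t300\t300",
])

def parse_bro_log(text):
    """Yield one dict per record, keyed by the names on the #fields line."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#fields"):
            fields = line.split("\t")[1:]
        elif line and not line.startswith("#"):
            yield dict(zip(fields, line.split("\t")))

def to_count(value):
    """Bro writes '-' for an unset field; map that to None."""
    return None if value in (None, "", "-") else int(value)

def classify(rec):
    """Assumed reading of the advice: bytes seen vs. bytes expected."""
    seen = to_count(rec.get("seen_bytes")) or 0
    total = to_count(rec.get("total_bytes"))
    if seen == 0:
        return "no-content"      # file referenced, no data observed
    if total is None:
        return "unknown-size"    # data observed, expected size not known
    return "complete" if seen >= total else "partial"

def smb_transfers(text):
    """(filename, label) for SMB records where file data was actually seen."""
    out = []
    for rec in parse_bro_log(text):
        if rec.get("source") != "SMB":
            continue
        label = classify(rec)
        if label != "no-content":
            out.append((rec["filename"], label))
    return out

if __name__ == "__main__":
    for name, label in smb_transfers(SAMPLE_LOG):
        print(f"{label:12} {name}")
```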