[Bro] Fox-IT smb-ransomware bro script
erik clark
philosnef at gmail.com
Tue Sep 27 06:46:37 PDT 2016
Has anyone had any success with Fox-ITs smb-ransomware script?
See:
https://github.com/fox-it/bro-scripts/blob/master/smb-ransomware/smb-ransomware.bro
I am getting:
error in ./smb-ransomware.bro, line 80: no such field in record
(FoxCryptoRansom::c$smb_state)
error in ./smb-ransomware.bro, line 84: no such field in record
(FoxCryptoRansom::c$smb_state)
error in ./smb-ransomware.bro, line 84: unknown identifier SMB::FILE_WRITE,
at or near "SMB::FILE_WRITE"
I didn't want to open a github issue if there is a simple fix that I am
unaware of. Thanks!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20160927/4dd9a634/attachment.html
More information about the Bro
mailing list