[Bro] Fox-IT smb-ransomware bro script

Vlad Grigorescu vladg at illinois.edu
Tue Sep 27 07:55:01 PDT 2016


What version of Bro are you running? This would only work on the Bro 2.5
beta, or if you're using the SMB branch.

erik clark <philosnef at gmail.com> writes:

> Has anyone had any success with Fox-IT's smb-ransomware script?
>
> See:
> https://github.com/fox-it/bro-scripts/blob/master/smb-ransomware/smb-ransomware.bro
>
> I am getting:
>
> error in ./smb-ransomware.bro, line 80: no such field in record
> (FoxCryptoRansom::c$smb_state)
> error in ./smb-ransomware.bro, line 84: no such field in record
> (FoxCryptoRansom::c$smb_state)
> error in ./smb-ransomware.bro, line 84: unknown identifier SMB::FILE_WRITE,
> at or near "SMB::FILE_WRITE"
>
> I didn't want to open a github issue if there is a simple fix that I am
> unaware of. Thanks!