[Bro] Fox-IT smb-ransomware bro script
Seth Hall
seth at icir.org
Tue Sep 27 11:18:54 PDT 2016
> On Sep 27, 2016, at 11:09 AM, erik clark <philosnef at gmail.com> wrote:
>
> and it worked. Any idea why my smb stuff is in policy/protocols and not base/protocols?
We decided to place the code that enables the SMB analyzer into policy/protocols for the 2.5 release because it's a lot of code and we *believe* that it should work well, but we didn't feel comfortable turning it on by default like the other analyzers because of the amount of new code. I feel pretty confident that we will be moving it to base for the 2.6 release, but it is what it is for now. :)
.Seth
--
Seth Hall
International Computer Science Institute
(Bro) because everyone has a network
http://www.bro.org/