[Bro] smb-ransomware.bro enough information in notice.log
ps sunu
pssunu6 at gmail.com
Mon May 15 00:44:53 PDT 2017
Hi,
The smb-ransomware.bro script doesn't put enough information in the notice log:
https://github.com/fox-it/bro-scripts/blob/master/smb-ransomware/smb-ransomware.bro
The notice below doesn't have connection info, for example from where to where
the ransomware was found.
    $threshold_crossed(key: SumStats::Key, result: SumStats::Result) =
        {
        NOTICE([$note=RANSOMWARE_SMB,
                $msg="Ransomware encrypting share detected"]);
        }]);
regards,
Sunu
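
An added example, not part of the original message and not the fox-it script: a `threshold_crossed` callback has no connection record, so one way to get "where to where" into notice.log is to carry both endpoints in the SumStats key and copy them into the notice's `$src` and `$dst`. The module, stream and notice names, the threshold, and the SMB2 write-count observation are placeholders assumed for illustration.

```bro
# Added example. Names, threshold and the write-count heuristic are placeholders.
# On Bro 2.5 the SMB analyzer is expected to be loaded separately
# (policy/protocols/smb) for the SMB events to fire.
@load base/frameworks/notice
@load base/frameworks/sumstats

module SMBNoticeExample;

export {
    redef enum Notice::Type += { RANSOMWARE_SMB_EXAMPLE };
}

event bro_init()
    {
    local r1 = SumStats::Reducer($stream="example.smb.writes",
                                 $apply=set(SumStats::SUM));

    SumStats::create([$name="example-smb-writes",
                      $epoch=5min,
                      $reducers=set(r1),
                      $threshold_val(key: SumStats::Key, result: SumStats::Result) =
                          {
                          return result["example.smb.writes"]$sum;
                          },
                      $threshold=1000.0,
                      $threshold_crossed(key: SumStats::Key, result: SumStats::Result) =
                          {
                          # No connection record exists here, so the endpoints
                          # come from the key that was set at observe time.
                          NOTICE([$note=RANSOMWARE_SMB_EXAMPLE,
                                  $src=key$host,            # SMB client
                                  $dst=to_addr(key$str),    # SMB server
                                  $msg=fmt("Ransomware encrypting share detected: %s -> %s",
                                           key$host, key$str),
                                  $identifier=cat(key$host, key$str)]);
                          }]);
    }

# Placeholder observation: count SMB2 writes per client/server pair.
event smb2_write_request(c: connection, hdr: SMB2::Header, file_id: SMB2::GUID,
                         offset: count, length: count)
    {
    SumStats::observe("example.smb.writes",
                      [$host=c$id$orig_h, $str=cat(c$id$resp_h)],
                      [$num=1]);
    }
```

With the key built this way, the `src` and `dst` columns of notice.log are filled in; the `id.*` columns stay empty because no `$conn` is available inside the callback.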