[Bro] BRO - Ransomware
Johanna Amann
johanna at icir.org
Tue May 30 10:22:48 PDT 2017
On Fri, May 26, 2017 at 09:02:06PM +0200, Raj Kumar wrote:
> Hi All,
>
> If am trying to add smb-ransomware.bro , to my bro setup ,where should I
> include this in the bro directories.
>
Typically user scripts to into site. Looking at the smb ransomware script,
you will probably also need to modify it slightly so it loads
policy/protocols/smb instead of base/protocols/smb.
You should be able to directly load it from local.bro if it in in the
site directory.
Johanna
More information about the Bro
mailing list