[Bro] SMB copied files not showing in files.log

Vikram Basu vikrambasu059 at gmail.com
Mon Oct 30 05:22:02 PDT 2017


Hi,

So I am using the SMB plugin for Bro by loading it in local.bro, but it seems to be very inconsistent.
Oftentimes when I am copying files between two Windows machines over the domain there is no corresponding file in the files.log.
The smb_files.log itself seems to be filled up with a lot of .ini files as well, and they all seem to have the “SMB::FILE_OPEN” action even when I haven’t opened any of them.
I thought I would use files showing source as SMB in files.log to differentiate when files are actually copied over the network, but oftentimes Bro does not detect the same.
Is there any particular way I need to share the files in Windows to get the copied files to show up consistently in Bro?

Regards

Vikram Basu