Hi All,
If am trying to add smb-ransomware.bro , to my bro setup ,where should I include this in the bro directories.
root@csh:/home/raj# find / -name “smb”
/nsm/bro/share/bro/policy/protocols/smb
/nsm/bro/share/bro/base/protocols/smb
/opt/bro/bro-2.5/testing/btest/Traces/smb
/opt/bro/bro-2.5/testing/btest/scripts/base/protocols/smb
/opt/bro/bro-2.5/scripts/policy/protocols/smb
/opt/bro/bro-2.5/scripts/base/protocols/smb
/opt/bro/bro-2.5/build/src/analyzer/protocol/smb
/opt/bro/bro-2.5/src/analyzer/protocol/smb
and after this I can include in local.bro, @load policy/protocols/smb
Thanks,