BRO - Ransomware

Hi All,

If am trying to add smb-ransomware.bro , to my bro setup ,where should I include this in the bro directories.

root@csh:/home/raj# find / -name “smb”

and after this I can include in local.bro, @load policy/protocols/smb


Typically user scripts to into site. Looking at the smb ransomware script,
you will probably also need to modify it slightly so it loads
policy/protocols/smb instead of base/protocols/smb.

You should be able to directly load it from local.bro if it in in the
site directory.