Are there any specific packages for Zeek or built-in scripts that are used to identify exfiltration of data?
I have loaded the large file package.
But I am looking for something that can be searched for specific file names when requested.
I see some data in the files logs as well as in the smb logs.
I am looking for something that would identify the file, source, and destination.
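
One way to search the files and SMB logs mentioned above for a requested file name and report the file with the hosts involved, as an added example that is not part of the original post. It assumes Zeek's default TSV log format with the `filename`, `tx_hosts`, `rx_hosts` and `source` columns in files.log and the `name`, `action`, `id.orig_h` and `id.resp_h` columns in smb_files.log; the sample records and the `parse_zeek_tsv` and `find_file` helpers are constructed for illustration. For SMB records the two hosts are the client and the server, so the `action` column is what indicates what was done with the file.

```python
import fnmatch

# Constructed sample logs in Zeek's default TSV layout (subset of columns).
FILES_LOG = "\n".join([
    "#separator \\x09",
    "#fields\tts\tfuid\ttx_hosts\trx_hosts\tsource\tfilename\ttotal_bytes",
    "#types\ttime\tstring\tset[addr]\tset[addr]\tstring\tstring\tcount",
    "1700000000.100000\tFabc1\t10.0.0.5\t203.0.113.9\tHTTP\tpayroll_2023.xlsx\t48211",
    "1700000001.200000\tFabc2\t198.51.100.7\t10.0.0.8\tHTTP\t-\t1024",
])
SMB_FILES_LOG = "\n".join([
    "#separator \\x09",
    "#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\taction\tname\tsize",
    "#types\ttime\tstring\taddr\tport\taddr\tport\tenum\tstring\tcount",
    "1699999990.000000\tCxyz1\t10.0.0.5\t49822\t10.0.0.20\t445\tSMB::FILE_OPEN\tpayroll_2023.xlsx\t48211",
    "1699999991.000000\tCxyz2\t10.0.0.6\t49900\t10.0.0.20\t445\tSMB::FILE_OPEN\tnotes.txt\t120",
])

def parse_zeek_tsv(text):
    """Yield one dict per record, keyed by the names on the #fields line."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#fields"):
            fields = line.split("\t")[1:]
        elif line and not line.startswith("#"):
            yield dict(zip(fields, line.split("\t")))

def find_file(pattern, files_log="", smb_files_log=""):
    """Return (log, ts, source, destination, name, detail) per matching record."""
    # (log label, text, name column, source column, destination column, detail column)
    layouts = [
        ("files.log", files_log, "filename", "tx_hosts", "rx_hosts", "source"),
        ("smb_files.log", smb_files_log, "name", "id.orig_h", "id.resp_h", "action"),
    ]
    hits = []
    for label, text, name_col, src_col, dst_col, detail_col in layouts:
        for rec in parse_zeek_tsv(text):
            name = rec.get(name_col, "-")
            # Compare the last path component, case-insensitively; "-" means unset.
            base = name.replace("\\", "/").rsplit("/", 1)[-1].lower()
            if name != "-" and fnmatch.fnmatchcase(base, pattern.lower()):
                hits.append((label, rec["ts"], rec.get(src_col, "-"),
                             rec.get(dst_col, "-"), name, rec.get(detail_col, "-")))
    return sorted(hits, key=lambda h: float(h[1]))

if __name__ == "__main__":
    for hit in find_file("payroll*", FILES_LOG, SMB_FILES_LOG):
        print(*hit, sep="\t")
```

If a files.log lacks the `tx_hosts` and `rx_hosts` columns, those positions come back as `-` and the column names in `layouts` need adjusting to that deployment's fields.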