Exfiltration of data

Are there any specific packages for zeek or built in scripts that are used to identify exfiltration of data?

I have loaded the large file package.

But am looking for something that can be searched for specific file names when requested.

I see some data in the files logs as well as in the smb logs.

Looking for something that would identify the file, source, destination.

Thank you.

I have not seen much. I have modified files.log to include additional info for my needs. The f variable has a lot of info available.