SMB Language

Hi

Just enable SMB analyzer , works great

I have a problem with the Hebrew language , it’s looks like it’s not supported , I’m getting this files name in log file :

Test\hello\*xd7\x92\xd7\x99\xd7\x95\xd7\x9c \xd7\x9b\xd7\x9e\xd7\x95\xd7\xaa\xd7\x99*.csv

The \*xd7\x92\xd7\x99\xd7\x95\xd7\x9c* - is Hebrew words

is there a way to fix it ?

Hi
Just enable SMB analyzer , works great

I have a problem with the Hebrew language , it's looks like it's not supported , I'm getting this files name in log file :

Test\hello\\\xd7\x92\xd7\x99\xd7\x95\xd7\x9c \xd7\x9b\xd7\x9e\xd7\x95\xd7\xaa\xd7\x99.csv

The \\\xd7\x92\xd7\x99\xd7\x95\xd7\x9c - is Hebrew words

is there a way to fix it ?

That's just an escaped utf-8 string:

s='Test\hello\\\xd7\x92\xd7\x99\xd7\x95\xd7\x9c \xd7\x9b\xd7\x9e\xd7\x95\xd7\xaa\xd7\x99.csv'
print s

Test\hello\גיול כמותי.csv

(or in python3)

s=b'Test\hello\\\xd7\x92\xd7\x99\xd7\x95\xd7\x9c \xd7\x9b\xd7\x9e\xd7\x95\xd7\xaa\xd7\x99.csv'
print(s.decode('utf-8'))

Test\hello\גיול כמותי.csv

Can I add utf-8 encoding to bro ?
Is there other option ?

I'm forward the log file to SIEM system , and it's not readable in that way

Thanks

Hi

Any help ?

Thanks
Izik

Bro's strings are purely ascii at this time. You would have to interpret the string as UTF8 in whatever you have receiving logs with.

  .Seth