Looking for the branch I can try that has SMB in it? Is it in main?
Thanks
Mike
Connecting to the thread and injecting two more slices of code:
- is it possible to use the SMB packet analyzer on Bro 2.3?
- do we have ways to detect other similar protocols? NFS, I'm looking at you. And MySQL. And Postgres.
topic/vladg/smb
It compiles against 2.3, doesn’t compile against master yet (due to the plugin rewrite).
At this point, it’s only been lightly tested. Given the complexity of the protocol, it’s still buggy, and there are large areas that aren’t supported yet. Please let us know if you test it and encounter any issues - fair warning: they’ll probably be difficult to fix without a PCAP 
–Vlad
I'm hoping you mean similar from a functionality standpoint, and not
similar based on what's on the wire...
There was an old NFS analyzer:
https://github.com/bro/bro/blob/v2.1/src/NFS.cc Apparently it didn't work
all that well, but it might be a jumping off point.
There's a MySQL analyzer that's currently in beta in topic/vladg/smb. I
don't know of anyone working on Postgres right now.
--Vlad
There are no SMB policy scripts yet. Just the base scripts to generate the various SMB logs.
–Vlad