Zeek_SMB.events.bif.zeek¶

GLOBAL¶

Namespace: GLOBAL

Summary¶

Events¶

smb_pipe_connect_heuristic: event

Generated for SMB connections when a named pipe has been detected heuristically.

Detailed Interface¶

Events¶

smb_pipe_connect_heuristic ¶

Type: event (c: connection)

Generated for SMB connections when a named pipe has been detected heuristically. The case when this comes up is when the drive mapping isn’t seen so the analyzer is not able to determine whether to send the data to the files framework or to the DCE_RPC analyzer. This heuristic can be tuned by adding or removing “named pipe” names from the SMB::pipe_filenames const.

Parameters: c – The connection.