diff --git a/CHANGES b/CHANGES
index 5d9026291e..20a25c551e 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,4 +1,8 @@
+2.6-191 | 2019-03-25 16:43:10 -0700
+
+  * Add support for SMB filenames to the intel framework (Stephen Hosom)
+
 2.6-186 | 2019-03-25 09:41:57 -0700
   * Added policy script for intel removal. (Jan Grashoefer)
diff --git a/NEWS b/NEWS
index 3b0b2dbe2d..d673e3385e 100644
--- a/NEWS
+++ b/NEWS
@@ -64,6 +64,8 @@ New Functionality
 - Added a new hook, ``Intel::filter_item``, to assist in filtering and removal of intelligence items that are about to be inserted.
+- Add support for SMB filenames in the intel framework.
+
 Changed Functionality
 ---------------------
diff --git a/VERSION b/VERSION
index ddf1957a25..73ef942bdc 100644
--- a/VERSION
+++ b/VERSION
@@ -1 +1 @@
-2.6-186
+2.6-191
diff --git a/doc b/doc
index ae04aa61a8..406d0c8574 160000
--- a/doc
+++ b/doc
@@ -1 +1 @@
-Subproject commit ae04aa61a80ff4f436a9c248f9a934a694bb500a
+Subproject commit 406d0c857491927d7fbee7aef954b8a40f23978d
diff --git a/scripts/policy/frameworks/intel/seen/__load__.bro b/scripts/policy/frameworks/intel/seen/__load__.bro
index d364e8c587..814a274613 100644
--- a/scripts/policy/frameworks/intel/seen/__load__.bro
+++ b/scripts/policy/frameworks/intel/seen/__load__.bro
@@ -6,6 +6,7 @@
 @load ./http-url
 @load ./pubkey-hashes
 @load ./ssl
+@load ./smb-filenames
 @load ./smtp
 @load ./smtp-url-extraction
 @load ./x509
diff --git a/scripts/policy/frameworks/intel/seen/smb-filenames.bro b/scripts/policy/frameworks/intel/seen/smb-filenames.bro
new file mode 100644
index 0000000000..66c8977bb0
--- /dev/null
+++ b/scripts/policy/frameworks/intel/seen/smb-filenames.bro
@@ -0,0 +1,23 @@
+@load base/protocols/smb
+@load base/frameworks/intel
+@load ./where-locations
+
+event file_new(f: fa_file)
+	{
+	if ( f$source != "SMB" )
+		return;
+
+	for ( id in f$conns )
+		{
+		local c = f$conns[id];
+		if ( c?$smb_state && c$smb_state?$current_file && c$smb_state$current_file?$name )
+			{
+			local split_fname = split_string(c$smb_state$current_file$name, /\\/);
+			local fname = split_fname[|split_fname|-1];
+			Intel::seen([$indicator=fname,
+			             $indicator_type=Intel::FILE_NAME,
+			             $f=f,
+			             $where=SMB::IN_FILE_NAME]);
+			}
+		}
+	}
diff --git a/scripts/policy/frameworks/intel/seen/where-locations.bro b/scripts/policy/frameworks/intel/seen/where-locations.bro
index 59a89b0eb2..9d30b5ff8f 100644
--- a/scripts/policy/frameworks/intel/seen/where-locations.bro
+++ b/scripts/policy/frameworks/intel/seen/where-locations.bro
@@ -26,5 +26,6 @@ export {
 		SSL::IN_SERVER_NAME,
 		SMTP::IN_HEADER,
 		X509::IN_CERT,
+		SMB::IN_FILE_NAME,
 	};
 }
diff --git a/scripts/test-all-policy.bro b/scripts/test-all-policy.bro
index 2e38738527..be2efbbc19 100644
--- a/scripts/test-all-policy.bro
+++ b/scripts/test-all-policy.bro
@@ -25,6 +25,7 @@
 @load frameworks/intel/seen/http-headers.bro
 @load frameworks/intel/seen/http-url.bro
 @load frameworks/intel/seen/pubkey-hashes.bro
+@load frameworks/intel/seen/smb-filenames.bro
 @load frameworks/intel/seen/smtp-url-extraction.bro
 @load frameworks/intel/seen/smtp.bro
 @load frameworks/intel/seen/ssl.bro
diff --git a/testing/btest/Baseline/scripts.policy.frameworks.intel.seen.smb/intel.log b/testing/btest/Baseline/scripts.policy.frameworks.intel.seen.smb/intel.log
new file mode 100644
index 0000000000..fd1dd4749b
--- /dev/null
+++ b/testing/btest/Baseline/scripts.policy.frameworks.intel.seen.smb/intel.log
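Review bot: `fname` can be the empty string when the SMB name ends in a backslash (split_string appears to keep the trailing empty element), and that empty indicator is still handed to Intel::seen; guard it right after the `local fname = ...` line, e.g. `if ( fname == "" ) next;`. The indicator is also taken from `c$smb_state$current_file` rather than from `f` itself, so when a connection carries several files in flight it presumably could report the name of a different file than the one `file_new` fired for — worth confirming against the SMB analyzer's bookkeeping. The new script has no `##!` header; I'd add one stating that only the last backslash-separated component of the SMB file name is reported as an Intel::FILE_NAME indicator at SMB::IN_FILE_NAME, so intel entries should be bare file names rather than full paths.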
@@ -0,0 +1,10 @@
+#separator \x09
+#set_separator ,
+#empty_field (empty)
+#unset_field -
+#path intel
+#open 2019-03-25-23-33-09
+#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p seen.indicator seen.indicator_type seen.where seen.node matched sources fuid file_mime_type file_desc
+#types time string addr port addr port string enum enum string set[enum] set[string] string string string
+1549644186.691869 CHhAvVGS1DHFjwGM9 169.254.128.18 49155 169.254.128.15 445 pythonfile Intel::FILE_NAME SMB::IN_FILE_NAME bro Intel::FILE_NAME source1 FG403EpKSkh5CwCre - pythonfile
+#close 2019-03-25-23-33-09
diff --git a/testing/btest/scripts/policy/frameworks/intel/seen/smb.bro b/testing/btest/scripts/policy/frameworks/intel/seen/smb.bro
new file mode 100644
index 0000000000..5dd594953b
--- /dev/null
+++ b/testing/btest/scripts/policy/frameworks/intel/seen/smb.bro
@@ -0,0 +1,22 @@
+# @TEST-EXEC: bro -C -r $TRACES/smb/smb2readwrite.pcap %INPUT
+# @TEST-EXEC: btest-diff intel.log
+
+@load base/frameworks/intel
+@load frameworks/intel/seen
+
+@TEST-START-FILE intel.dat
+#fields indicator indicator_type meta.source meta.desc meta.url
+pythonfile Intel::FILE_NAME source1 test entry http://some-data-distributor.com/100000
+@TEST-END-FILE
+
+redef Intel::read_files += { "intel.dat" };
+
+event bro_init()
+	{
+	suspend_processing();
+	}
+
+event Input::end_of_data(name: string, source: string)
+	{
+	continue_processing();
+	}
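Review bot: The test pins only the positive case visible in the baseline, where the seen indicator equals the intel entry `pythonfile`; whether the trace's SMB name contains backslashes, and thus whether the basename extraction in smb-filenames.bro is exercised, cannot be told from here. A second intel entry that must not match (for example a constructed full-path form of the same name) would make the baseline demonstrate that only the last path component is compared. The `Input::end_of_data` handler resumes processing on any input source, not only `intel.dat`, which is fine with a single read file but deserves a comment such as `# Resume once intel.dat is loaded so the trace is read after the indicators exist.`.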