[Zeek] Bro/Zeek ATT&CK-based Analytics and Reporting (BZAR), by MITRE
Fernandez, Mark I
mfernandez at mitre.org
Wed Mar 27 06:02:08 PDT 2019
All,
MITRE has created a set of Bro/Zeek scripts to detect ATT&CK-like
adversarial activity. The project is called BZAR - Bro/Zeek ATT&CK-based
Analytics and Reporting.
MITRE ATT&CK is a publicly-available, curated knowledge base for cyber
adversary behavior, reflecting the various phases of the adversary lifecycle
and the platforms they are known to target. The ATT&CK model includes
behaviors of numerous threat groups.
BZAR is a set of Bro/Zeek scripts utilizing the SMB and DCE-RPC protocol
analyzers and the File Extraction Framework to detect ATT&CK-like activity,
correlate certain techniques, and write to the Notice Log.
BZAR is publicly released as open source, under MITRE case number 18-2489.
It is available for download at the following URL:
* https://github.com/mitre-attack/car/tree/master/implementations/bzar
For more information on MITRE ATT&CK, visit https://attack.mitre.org.
Mark I. Fernandez
The MITRE Corporation
mfernandez at mitre.org
P.S. It does not yet support the Bro/Zeek Package Manager (this is on the
todo list).
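As an added illustration of the kind of cross-protocol correlation the announcement describes (SMB activity tied to a later DCE-RPC call on the same client/server pair, surfaced as a notice), here is a small stand-alone correlator over Zeek-style smb_files.log and dce_rpc.log records. This is example code written for this page, not BZAR's scripts or MITRE's code: BZAR does this work inside Zeek script at capture time, whereas this runs in Python over already-written logs. The specific rule (a file written to an administrative share, then a svcctl request from the same source to the same server within a few minutes), the share names, the time window, and the reduced column set in the sample logs are all assumptions made for the example; the log lines are constructed, not real captures.

```python
"""Correlate Zeek smb_files.log and dce_rpc.log records into notices.

Added example, not BZAR's code. The rule below is an assumed illustration
of cross-protocol correlation: a file written to an administrative share,
followed within WINDOW_SECONDS by a DCE-RPC request to the svcctl endpoint
from the same client to the same server.
"""
from dataclasses import dataclass

# Constructed sample logs (not real captures), in Zeek's TSV form with a
# #fields header. Only a subset of the real columns is included.
SMB_FILES_LOG = """\
#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\taction\tpath\tname
1553691000.100000\tCAbc1\t10.0.0.5\t49210\t10.0.0.20\t445\tSMB::FILE_WRITE\t\\\\10.0.0.20\\ADMIN$\tPSEXESVC.exe
1553691005.200000\tCAbc2\t10.0.0.7\t49300\t10.0.0.21\t445\tSMB::FILE_OPEN\t\\\\10.0.0.21\\share\treport.docx
"""

DCE_RPC_LOG = """\
#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\trtt\tnamed_pipe\tendpoint\toperation
1553691001.500000\tCAbc1\t10.0.0.5\t49210\t10.0.0.20\t445\t0.001\t\\\\PIPE\\\\svcctl\tsvcctl\tCreateServiceW
1553691002.000000\tCAbc3\t10.0.0.9\t49400\t10.0.0.22\t445\t0.001\t\\\\PIPE\\\\svcctl\tsvcctl\tOpenSCManagerW
1553692000.000000\tCAbc4\t10.0.0.5\t49500\t10.0.0.20\t445\t0.001\t\\\\PIPE\\\\svcctl\tsvcctl\tStartServiceW
"""

ADMIN_SHARES = ("ADMIN$", "C$")  # assumed set of administrative shares
WINDOW_SECONDS = 300.0           # assumed correlation window


@dataclass(frozen=True)
class Notice:
    """Minimal stand-in for a Zeek Notice::Info record."""
    ts: float
    orig_h: str
    resp_h: str
    msg: str


def parse_zeek_tsv(text: str) -> list[dict]:
    """Parse Zeek TSV: take column names from the #fields line, skip other
    # directives, and map each data row to a dict keyed by column name."""
    fields, rows = None, []
    for line in text.splitlines():
        if not line:
            continue
        if line.startswith("#fields"):
            fields = line.split("\t")[1:]
            continue
        if line.startswith("#"):
            continue
        if fields is None:
            raise ValueError("data row before #fields header")
        rows.append(dict(zip(fields, line.split("\t"))))
    return rows


def share_of(path: str) -> str:
    """Return the share name from a UNC path such as \\\\host\\ADMIN$."""
    return path.rstrip("\\").rsplit("\\", 1)[-1].upper()


def admin_share_writes(smb_rows: list[dict]) -> list[dict]:
    """Keep only FILE_WRITE actions whose target share is administrative."""
    return [r for r in smb_rows
            if r["action"] == "SMB::FILE_WRITE" and share_of(r["path"]) in ADMIN_SHARES]


def correlate(smb_rows: list[dict], rpc_rows: list[dict],
              window: float = WINDOW_SECONDS) -> list[Notice]:
    """Pair each admin-share write with a later svcctl request on the same
    (orig_h, resp_h) pair inside the window; each pairing becomes a Notice."""
    svcctl = [r for r in rpc_rows if r["endpoint"] == "svcctl"]
    notices = []
    for w in admin_share_writes(smb_rows):
        for r in svcctl:
            same_pair = (r["id.orig_h"], r["id.resp_h"]) == (w["id.orig_h"], w["id.resp_h"])
            dt = float(r["ts"]) - float(w["ts"])
            if same_pair and 0.0 <= dt <= window:
                notices.append(Notice(
                    ts=float(r["ts"]), orig_h=r["id.orig_h"], resp_h=r["id.resp_h"],
                    msg=f"{w['name']} written to {w['path']} then "
                        f"svcctl::{r['operation']} {dt:.1f}s later"))
    return notices


def run() -> list[Notice]:
    """Run the correlator over the constructed sample logs."""
    return correlate(parse_zeek_tsv(SMB_FILES_LOG), parse_zeek_tsv(DCE_RPC_LOG))


if __name__ == "__main__":
    for n in run():
        print(f"{n.ts:.3f} {n.orig_h} -> {n.resp_h}: {n.msg}")
```

Of the three svcctl requests in the sample, only the CreateServiceW call from 10.0.0.5 to 10.0.0.20 is reported: the OpenSCManagerW call comes from a host with no preceding admin-share write, and the StartServiceW call from 10.0.0.5 falls outside the window. Tuning the window and the share list is the usual trade-off between missing slow-moving lateral movement and flooding the notice log on hosts where administrative file copies are routine.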