[Zeek] Bro/Zeek ATT&CK-based Analytics and Reporting (BZAR), by MITRE

Zeolla@GMail.com zeolla at gmail.com
Wed Mar 27 06:37:04 PDT 2019


Nice work, thanks for sharing!

- Jon Zeolla
Zeolla at GMail.Com


On Wed, Mar 27, 2019 at 9:09 AM Fernandez, Mark I <mfernandez at mitre.org>
wrote:

> All,
>
> MITRE has created a set of Bro/Zeek scripts to detect ATT&CK-like
> adversarial activity.  The project is called BZAR – Bro/Zeek ATT&CK-based
> Analytics and Reporting.
>
> MITRE ATT&CK is a publicly-available, curated knowledge base for cyber
> adversary behavior, reflecting the various phases of the adversary
> lifecycle and the platforms they are known to target. The ATT&CK model
> includes behaviors of numerous threat groups.
>
> BZAR is a set of Bro/Zeek scripts utilizing the SMB and DCE-RPC protocol
> analyzers and the File Extraction Framework to detect ATT&CK-like activity,
> correlate certain techniques, and write to the Notice Log.
>
> BZAR is publicly released as open source, under MITRE case number
> 18-2489.  It is available for download at the following URL:
>
>    - https://github.com/mitre-attack/car/tree/master/implementations/bzar
>
> For more information on MITRE ATT&CK, visit https://attack.mitre.org.
>
> *Mark I. Fernandez*
> The MITRE Corporation
> mfernandez at mitre.org
>
> P.S.  It does not yet support the Bro/Zeek Package Manager (this is on the
> todo list).
> _______________________________________________
> Zeek mailing list
> zeek at zeek.org
> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/zeek
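The announcement above says BZAR sits on Zeek's SMB and DCE-RPC analyzers and writes its findings to the Notice Log. The script below is an added illustration of that pattern, written for this page and not taken from BZAR: it hooks the `DCE_RPC::log_dce_rpc` event that Zeek's base DCE-RPC scripts raise for every `dce_rpc.log` record, matches the decoded endpoint and operation names against a small table of service-control and scheduled-task calls, and raises a Notice tagged with the ATT&CK technique each call is commonly used for. The module name `ATTACK_Example`, the notice type and the table contents are assumptions made for the example; the table is deliberately short, not BZAR's full list. The technique IDs are the current ATT&CK sub-technique numbering, which differs from the 2019 IDs in use when this message was posted.

```zeek
##! Added example, not BZAR's own code: raise a Notice when Zeek's DCE-RPC
##! analyzer decodes an operation associated with remote execution.

@load base/protocols/dce-rpc
@load base/frameworks/notice

module ATTACK_Example;

export {
	redef enum Notice::Type += {
		## A DCE-RPC operation commonly used for remote service execution
		## or remote scheduled-task creation.
		Remote_Service_Control,
	};

	## (endpoint, operation) pairs as Zeek names them in dce_rpc.log,
	## mapped to the ATT&CK technique they are commonly used for.
	## Assumption: illustrative subset chosen for this example.
	const interesting_ops: table[string, string] of string = {
		["svcctl", "CreateServiceW"] = "T1569.002 System Services: Service Execution",
		["svcctl", "CreateServiceA"] = "T1569.002 System Services: Service Execution",
		["svcctl", "StartServiceW"]  = "T1569.002 System Services: Service Execution",
		["atsvc",  "JobAdd"]         = "T1053.002 Scheduled Task/Job: At",
	} &redef;
}

# Fires once per DCE-RPC request/response pair when Zeek writes the
# dce_rpc.log record, so we can key off the decoded endpoint and
# operation names rather than raw interface UUIDs and opnums.
event DCE_RPC::log_dce_rpc(rec: DCE_RPC::Info)
	{
	# Endpoint and operation are only set when Zeek could map the
	# UUID/opnum; skip records where the mapping is missing.
	if ( ! rec?$endpoint || ! rec?$operation )
		return;

	if ( [rec$endpoint, rec$operation] !in interesting_ops )
		return;

	local technique = interesting_ops[rec$endpoint, rec$operation];

	# $identifier plus $suppress_for collapses repeated notices for the
	# same client, target and operation into one entry per 10 minutes.
	NOTICE([$note=Remote_Service_Control,
	        $msg=fmt("%s called %s::%s on %s (%s)",
	                 rec$id$orig_h, rec$endpoint, rec$operation,
	                 rec$id$resp_h, technique),
	        $sub=technique,
	        $uid=rec$uid,
	        $id=rec$id,
	        $identifier=cat(rec$id$orig_h, rec$id$resp_h, rec$operation),
	        $suppress_for=10min]);
	}
```

Run it against a capture with `zeek -r capture.pcap example.zeek` (or `bro -r` on the 2.6 release current when this was posted) and look in `notice.log` for `ATTACK_Example::Remote_Service_Control`; the `sub` column carries the technique label. Because the match is on Zeek's decoded names, it only fires for traffic the DCE-RPC analyzer could parse, which for SMB-carried RPC means the named-pipe transport was not encrypted.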