[Zeek] Bro/Zeek ATT&CK-based Analytics and Reporting (BZAR), by MITRE
Amber Graner
akgraner at corelight.com
Wed Mar 27 08:14:19 PDT 2019
Mark,
Thank you so much for sharing this.
~Amber
On Wed, Mar 27, 2019 at 8:09 AM Fernandez, Mark I <mfernandez at mitre.org>
wrote:
> All,
>
> MITRE has created a set of Bro/Zeek scripts to detect ATT&CK-like
> adversarial activity. The project is called BZAR – Bro/Zeek ATT&CK-based
> Analytics and Reporting.
>
> MITRE ATT&CK is a publicly-available, curated knowledge base for cyber
> adversary behavior, reflecting the various phases of the adversary
> lifecycle and the platforms they are known to target. The ATT&CK model
> includes behaviors of numerous threat groups.
>
> BZAR is a set of Bro/Zeek scripts utilizing the SMB and DCE-RPC protocol
> analyzers and the File Extraction Framework to detect ATT&CK-like activity,
> correlate certain techniques, and write to the Notice Log.
>
> BZAR is publicly released as open source, under MITRE case number
> 18-2489. It is available for download at the following URL:
>
> - https://github.com/mitre-attack/car/tree/master/implementations/bzar
>
> For more information on MITRE ATT&CK, visit https://attack.mitre.org.
>
> *Mark I. Fernandez*
>
> The MITRE Corporation
>
> mfernandez at mitre.org
>
> P.S. It does not yet support the Bro/Zeek Package Manager (this is on the
> todo list).
> _______________________________________________
> Zeek mailing list
> zeek at zeek.org
> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/zeek
--
*Amber Graner*
Director of Community
Corelight, Inc
828.582.9469
* Ask me about how you can participate in the Zeek (formerly Bro)
community.
* Remember - ZEEK AND YOU SHALL FIND!!
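An added illustration of the pattern Mark's announcement describes (a Zeek script that consumes the DCE-RPC analyzer's output and writes to the Notice Log); this is example code written for this post, not BZAR's own scripts. It assumes the DCE-RPC analyzer labels the Service Control Manager endpoint as `svcctl` with operations `CreateServiceW`/`CreateServiceA`, and the `admin_hosts` allow-list is a hypothetical site setting.

```zeek
# Example (not from BZAR): raise a notice when a host outside the
# admin allow-list creates a Windows service remotely over DCE-RPC.
@load base/frameworks/notice
@load base/protocols/dce-rpc

module ATTACK_Example;

export {
    redef enum Notice::Type += {
        ## Remote service creation via svcctl; map this to the ATT&CK
        ## "Service Execution" technique in your own reporting.
        Remote_Service_Creation,
    };

    ## Hypothetical allow-list of hosts expected to manage services remotely.
    const admin_hosts: set[addr] = { 10.0.0.5 } &redef;

    ## Assumed operation names as labelled by Zeek's DCE-RPC analyzer.
    const service_create_ops: set[string] = {
        "CreateServiceW",
        "CreateServiceA",
    } &redef;
}

# Fire on the response so we only report calls the server actually answered.
event dce_rpc_response(c: connection, fid: count, ctx_id: count,
                       opnum: count, stub_len: count)
{
    # The analyzer only fills endpoint/operation when it recognised the UUID.
    if ( ! c?$dce_rpc || ! c$dce_rpc?$endpoint || ! c$dce_rpc?$operation )
        return;

    if ( c$dce_rpc$endpoint != "svcctl" )
        return;

    if ( c$dce_rpc$operation !in service_create_ops )
        return;

    if ( c$id$orig_h in admin_hosts )
        return;

    NOTICE([$note=Remote_Service_Creation,
            $msg=fmt("%s created a service on %s via svcctl (%s)",
                     c$id$orig_h, c$id$resp_h, c$dce_rpc$operation),
            $conn=c,
            # Suppress repeats for the same source/destination pair.
            $identifier=cat(c$id$orig_h, c$id$resp_h)]);
}
```

Load it with `zeek -r capture.pcap this_script.zeek` and inspect `notice.log`; correlating this with SMB file writes (as BZAR does) is left out here to keep the example to one analyzer.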