[Zeek] Bro/Zeek ATT&CK-based Analytics and Reporting (BZAR), by MITRE
Fernandez, Mark I
mfernandez at mitre.org
Wed Mar 27 12:03:25 PDT 2019
Hi Gary,
>> Is this developed for Bro/Zeek 2.5.5? I'm getting errors when attempting
>> to load this in Bro/Zeek 2.6.1.
Yes, I used v2.5.x. What types of errors are you getting? Is it @load
errors with SMB, by chance?
One thing I know changed with v2.6 is that the SMB analyzer was previously
disabled by default in v2.5.x and I believe it is enabled by default in v2.6.
In main.bro line 10:
@load policy/protocols/smb. This should be backward compatible with older
versions of Bro/Zeek. But if you are getting @load SMB errors, you could
try changing line 10 to this: @load base/protocols/smb.
Mark