[Zeek] Bro/Zeek ATT&CK-based Analytics and Reporting (BZAR), by MITRE

Alex Kefallonitis al.kefallonitis at gmail.com
Wed Mar 27 13:47:49 PDT 2019


Hi Mark,

Thanks for sharing these gj!

Just two questions:
- Is the repository going to be maintained and updated, e.g. with new attacks and
categories/techniques?
- Second, isn't it possible to detect a PtH attack through *bzar_smb.bro*?

Alex Kefallonitis

On Wed, 27 Mar 2019 at 10:34 PM, Fernandez, Mark I <
mfernandez at mitre.org> wrote:

> Gary,
>
> >> bzar_smb.bro, line 39: "redef" used but not previously defined
> (SMB::write_cmd_log)
>
> Looks like "SMB::write_cmd_log" is removed from v2.6.x.
>
> Mark
> _______________________________________________
> Zeek mailing list
> zeek at zeek.org
> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/zeek
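One way to keep the script loading on both older and newer Zeek versions once an option such as SMB::write_cmd_log has been removed is to guard the redef with Zeek's @ifdef directive. This is an added illustration, not code from BZAR or from Mark's reply, and it assumes the redef on the reported line 39 is the only use of that identifier:

```zeek
# Added example: guard a redef of an identifier that may not exist.
# On Zeek 2.6.x, where SMB::write_cmd_log no longer exists, the block is
# skipped at parse time instead of failing with
# '"redef" used but not previously defined'.
# On older releases that still define it, the redef applies as before.
@ifdef ( SMB::write_cmd_log )
redef SMB::write_cmd_log = T;
@endif

# The remaining SMB event handlers (assumed to be the rest of bzar_smb.bro)
# load unchanged on either version.
```

The @ifdef test applies to any script-layer identifier, so the same pattern works for other options that disappear between releases.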