[Zeek] : Bro/Zeek ATT&CK-based Analytics and Reporting (BZAR), by MITRE

Patrick Kelley patrick.kelley at criticalpathsecurity.com
Thu Mar 28 06:55:39 PDT 2019


We'll try to crack something out around PTH, if nothing exists already.
We'll post it here when done.

We have the pcaps from the lab and live engagements. Should be able to
knock that out.

On Thu, Mar 28, 2019 at 9:35 AM Fernandez, Mark I <mfernandez at mitre.org>
wrote:

> Alex,
>
> >> - Is the repository going to be maintained and updated,
> >> e.g. new attack categories and techniques?
>
> To be determined.  We may do some small updates in the near future.
> Contributions from the Zeek community are welcome, and I believe we’ll be
> able to incorporate community contributions.
>
> >> - Second, isn’t it possible to detect PtH attacks through
> >> *bzar_smb.bro*?
>
> Pass-the-Hash (PtH) was not in the initial scope of the BZAR work.  I
> think it would be great to add it, but I haven’t done a market survey to
> see if anyone else has already developed PtH detection for Zeek.
>
> Cheers,
>
> Mark
> _______________________________________________
> Zeek mailing list
> zeek at zeek.org
> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/zeek



-- 

*Patrick Kelley, CISSP, C|EH, ITIL*
*CTO*
patrick.kelley at criticalpathsecurity.com
(o) 770-224-6482

*The limit to which you have accepted being comfortable is the limit to
which you have grown. Accept new challenges as an opportunity to enrich
yourself and not as a point of potential failure.*