[Zeek] BZAR (Bro/Zeek ATT&CK-based Analytics and Reporting)

Francois Lachance Francois.Lachance at conexus.ca
Thu Jan 23 14:32:02 PST 2020


BZAR is a set of Bro/Zeek scripts utilizing the SMB and DCE-RPC protocol analyzers and the File Extraction Framework to detect ATT&CK-like activity, raise notices, and write to the Notice Log.

https://github.com/mitre-attack/car/tree/master/implementations/bzar

Has anyone tried this?  Anyone have any feedback on these scripts?

I have Security Onion in my environment and I am considering trying this.  I just don't know where to start when it comes to installing and running custom scripts.

Thanks!

Francois
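For readers wondering what "utilizing the DCE-RPC analyzer to raise notices" looks like in practice, below is a small illustrative Zeek script written for this page. It is not BZAR's own code and not part of the original post: it follows the same pattern (let the base DCE-RPC scripts decode the interface and operation, match against a table, raise a Notice that lands in notice.log). The module name `ATTACK_Demo`, the notice type `Remote_Execution`, the `watched` table, the technique labels, and the assumption that `c$dce_rpc$endpoint` / `c$dce_rpc$operation` carry the names Zeek's base DCE-RPC scripts assign (e.g. `svcctl` / `CreateServiceW`) are all assumptions made here.

```zeek
##! Illustrative ATT&CK-style DCE-RPC detector (added example, not BZAR's code).
##! Pattern: Zeek's DCE-RPC analyzer decodes the interface (endpoint) and the
##! operation; we match those names against a small table and raise a notice
##! through the Notice framework, which writes it to notice.log.

@load base/frameworks/notice
@load base/protocols/dce-rpc

module ATTACK_Demo;

export {
    redef enum Notice::Type += {
        ## A DCE-RPC operation commonly used for remote execution was requested.
        Remote_Execution,
    };

    ## [endpoint, operation] -> ATT&CK technique label.
    ## Assumption: these are the endpoint/operation strings the base
    ## DCE-RPC scripts assign from their UUID and opnum tables.
    const watched: table[string, string] of string = {
        ["svcctl", "CreateServiceW"] = "T1569.002 System Services: Service Execution",
        ["svcctl", "StartServiceW"]  = "T1569.002 System Services: Service Execution",
        ["atsvc",  "NetrJobAdd"]     = "T1053.002 Scheduled Task/Job: At",
    } &redef;
}

event dce_rpc_request(c: connection, fid: count, ctx_id: count, opnum: count, stub_len: count)
    {
    # The base scripts populate c$dce_rpc at a higher priority than this
    # default-priority handler, so the decoded names are already present
    # (when the UUID/opnum are known to Zeek; otherwise the fields stay unset).
    if ( ! c?$dce_rpc || ! c$dce_rpc?$endpoint || ! c$dce_rpc?$operation )
        return;

    local ep = c$dce_rpc$endpoint;
    local op = c$dce_rpc$operation;

    if ( [ep, op] !in watched )
        return;

    # $identifier plus $suppress_for keeps a noisy host from producing one
    # notice per request; the first hit is still logged.
    NOTICE([$note=Remote_Execution,
            $msg=fmt("%s: %s::%s requested by %s", watched[ep, op], ep, op, c$id$orig_h),
            $sub=fmt("%s::%s", ep, op),
            $conn=c,
            $identifier=cat(c$id$orig_h, c$id$resp_h, ep, op),
            $suppress_for=1hr]);
    }
```

To run a script like this (or BZAR itself) on a Zeek sensor, the usual approach is to place it in the site script directory and reference it with an `@load` line in `local.zeek` (called `local.bro` on older Bro-based installs), then redeploy via zeekctl/broctl; the exact paths depend on the Security Onion version, so check its documentation rather than guessing. The table is `&redef` so a site can add or drop entries from `local.zeek` without editing the script.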
