
List:       bro
Subject:    Re: [Zeek] [Non-DoD Source] Bro/Zeek ATT&CK-based Analytics and Reporting (BZAR), by MITRE
From:       "Weasel, Gary W CIV DISA RE (US)" <gary.w.weasel2.civ@mail.mil>
Date:       2019-03-27 18:35:36
Message-ID: 0C34D9CA9B9DBB45B1C51871C177B4B291C073EA@UMECHPA68.easf.csd.disa.mil

Mark,

Is this developed for Bro/Zeek 2.5.5?  I'm getting errors when attempting to load this in Bro/Zeek 2.6.1.


v/r
Gary W. Weasel, Jr.

-----Original Message-----
From: zeek-bounces@zeek.org <zeek-bounces@zeek.org> On Behalf Of Fernandez, Mark I
Sent: Wednesday, March 27, 2019 9:02 AM
To: zeek@zeek.org
Subject: [Non-DoD Source] [Zeek] Bro/Zeek ATT&CK-based Analytics and Reporting (BZAR), by MITRE


All,



MITRE has created a set of Bro/Zeek scripts to detect ATT&CK-like adversarial activity.  The project is called BZAR - Bro/Zeek ATT&CK-based Analytics and Reporting.



MITRE ATT&CK is a publicly-available, curated knowledge base for cyber adversary behavior, reflecting the various phases of the adversary lifecycle and the platforms they are known to target. The ATT&CK model includes behaviors of numerous threat groups.



BZAR is a set of Bro/Zeek scripts utilizing the SMB and DCE-RPC protocol analyzers and the File Extraction Framework to detect ATT&CK-like activity, correlate certain techniques, and write to the Notice Log.



BZAR is publicly released as open source, under MITRE case number 18-2489.  It is available for download at the following URL:

*       https://github.com/mitre-attack/car/tree/master/implementations/bzar



For more information on MITRE ATT&CK, visit https://attack.mitre.org.





Mark I. Fernandez

The MITRE Corporation

mfernandez@mitre.org



P.S.  It does not yet support the Bro/Zeek Package Manager (this is on the todo list).


_______________________________________________
Zeek mailing list
zeek@zeek.org
http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/zeek
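The announcement above describes BZAR's approach in one sentence: hook the SMB and DCE-RPC analyzer events, look for ATT&CK-like behaviour, and raise a Notice. The script below is an added illustration of that pattern written for this archive page; it is not BZAR's own code and it is not taken from the MITRE repository. It watches SMB1 and SMB2 write requests and raises a Notice when the write lands on an administrative share, a behaviour commonly associated with lateral movement. The share-name list, the `BZAR_Example` module name and the Notice type are assumptions made here; the event names and the `c$smb_state` record fields are those of Zeek's stock SMB analyzer. It targets the 2.6-era script dialect discussed in the thread.

```zeek
# Added example (not BZAR's code): raise a Notice on SMB writes to admin shares.
@load base/protocols/smb
@load base/frameworks/notice

module BZAR_Example;

export {
    redef enum Notice::Type += {
        ## A file was written to an administrative share (ADMIN$, C$, ...).
        SMB_Admin_Share_Write,
    };

    ## Share names treated as administrative. Assumed list; tune per site.
    const admin_shares: set[string] = { "ADMIN$", "C$", "IPC$" } &redef;
}

# Return T when the SMB tree the connection is currently using points at an
# admin share. The tree path looks like \\host\ADMIN$, so take the last
# backslash-separated component and compare it case-insensitively.
function is_admin_share(c: connection): bool
{
    if ( ! c?$smb_state || ! c$smb_state?$current_tree ||
         ! c$smb_state$current_tree?$path )
        return F;

    local parts = split_string(c$smb_state$current_tree$path, /\\/);
    if ( |parts| == 0 )
        return F;

    local share = to_upper(parts[|parts| - 1]);
    return share in admin_shares;
}

# Write the Notice. The file name is optional in the SMB state, so fall back
# to a placeholder when the analyzer has not seen the matching open.
function report_write(c: connection)
{
    local fname = "<unknown>";
    if ( c$smb_state?$current_file && c$smb_state$current_file?$name )
        fname = c$smb_state$current_file$name;

    NOTICE([$note=SMB_Admin_Share_Write,
            $msg=fmt("SMB write to admin share %s (file %s)",
                     c$smb_state$current_tree$path, fname),
            $conn=c,
            # Suppress repeats for the same client/server/file for an hour so
            # a bulk copy does not flood notice.log.
            $identifier=cat(c$id$orig_h, c$id$resp_h, fname),
            $suppress_for=1hr]);
}

# SMB1 write path.
event smb1_write_andx_request(c: connection, hdr: SMB1::Header, file_id: count,
                              offset: count, data_len: count)
{
    if ( is_admin_share(c) )
        report_write(c);
}

# SMB2 write path.
event smb2_write_request(c: connection, hdr: SMB2::Header, file_id: SMB2::GUID,
                         offset: count, data_len: count)
{
    if ( is_admin_share(c) )
        report_write(c);
}
```

Load it with `bro -r capture.pcap admin_share_write.bro` (or `zeek` on newer builds) and check `notice.log` for `BZAR_Example::SMB_Admin_Share_Write`. The `$identifier` plus `$suppress_for` pair is the part worth copying: without it a single tool pushing many files produces one Notice per write. Writes to `IPC$` are included only because named-pipe traffic is often the precursor to DCE-RPC activity; drop it from `admin_shares` if it is too noisy in your environment.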

