List: bro
Subject: Re: [Zeek] [Non-DoD Source] Bro/Zeek ATT&CK-based Analytics and Reporting (BZAR), by MITRE
From: "Weasel, Gary W CIV DISA RE (US)" <gary.w.weasel2.civ () mail ! mil>
Date: 2019-03-27 18:35:36
Message-ID: 0C34D9CA9B9DBB45B1C51871C177B4B291C073EA () UMECHPA68 ! easf ! csd ! disa ! mil
Mark,
Is this developed for Bro/Zeek 2.5.5? I'm getting errors when attempting to load this in Bro/Zeek 2.6.1.
v/r
Gary W. Weasel, Jr.
-----Original Message-----
From: zeek-bounces@zeek.org <zeek-bounces@zeek.org> On Behalf Of Fernandez, Mark I
Sent: Wednesday, March 27, 2019 9:02 AM
To: zeek@zeek.org
Subject: [Non-DoD Source] [Zeek] Bro/Zeek ATT&CK-based Analytics and Reporting (BZAR), by MITRE
All,
MITRE has created a set of Bro/Zeek scripts to detect ATT&CK-like adversarial activity. The project is called BZAR - Bro/Zeek ATT&CK-based Analytics and Reporting.
MITRE ATT&CK is a publicly available, curated knowledge base for cyber adversary behavior, reflecting the various phases of the adversary lifecycle and the platforms they are known to target. The ATT&CK model includes behaviors of numerous threat groups.
BZAR is a set of Bro/Zeek scripts utilizing the SMB and DCE-RPC protocol analyzers and the File Extraction Framework to detect ATT&CK-like activity, correlate certain techniques, and write to the Notice Log.
BZAR is publicly released as open source, under MITRE case number 18-2489. It is available for download at the following URL:
* https://github.com/mitre-attack/car/tree/master/implementations/bzar
For more information on MITRE ATT&CK, visit https://attack.mitre.org.
Mark I. Fernandez
The MITRE Corporation
mfernandez@mitre.org
P.S. It does not yet support the Bro/Zeek Package Manager (this is on the todo list).
_______________________________________________
Zeek mailing list
zeek@zeek.org
http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/zeek