Bro/Zeek ATT&CK-based Analytics and Reporting (BZAR), by MITRE


bzar_smb.bro, line 39: "redef" used but not previously defined


Looks like "SMB::write_cmd_log" is removed from v2.6.x.
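One way to keep the redef from failing on Zeek 2.6.x while still working on Bro 2.5.x is to guard it with the script preprocessor. The snippet below is an added example, not code from BZAR or from the original posts; it assumes that `SMB::write_cmd_log` is the tunable removed in 2.6 and that `policy/protocols/smb/log-cmds` is the script that enables `smb_cmd.log` on 2.6 and later.

```zeek
# Added example (not BZAR's code): make the smb_cmd.log setup tolerant of
# both Bro 2.5.x, where SMB::write_cmd_log still exists, and Zeek 2.6.x,
# where the constant was removed and "redef" of it is a load-time error.

@ifdef ( SMB::write_cmd_log )
    # Bro 2.5.x: the tunable is defined, so the original redef is valid.
    redef SMB::write_cmd_log = T;
@else
    # Assumption: on 2.6.x and later, command logging is enabled by loading
    # the policy script instead of redefining a constant.
    @load policy/protocols/smb/log-cmds
@endif
```

`@ifdef` is evaluated when the script is parsed, so the branch that references an undefined identifier is never compiled; that is what prevents the "redef used but not previously defined" error on versions where the constant is gone.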


Hi Mark,

Thanks for sharing these gj!

Just two questions:

  • Is the repository going to be maintained and updated, e.g. with new attacks and categories/techniques?
  • Second, isn't it possible to detect a PtH attack through bzar_smb.bro?

Alex Kefallonitis

On Wed, 27 Mar 2019 at 10:34 p.m., Fernandez, Mark I <> wrote: