BZAR (Bro/Zeek ATT&CK-based Analytics and Reporting)

BZAR is a set of Bro/Zeek scripts utilizing the SMB and DCE-RPC protocol analyzers and the File Extraction Framework to detect ATT&CK-like activity, raise notices, and write to the Notice Log.

https://github.com/mitre-attack/car/tree/master/implementations/bzar

Has anyone tried this? Anyone have any feedback on these scripts?

I have Security Onion in my environment and I am considering trying this. I just don’t know where to start when it comes to installing and running custom scripts.

Thanks!

Francois
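For anyone wondering what "raise notices and write to the Notice Log" looks like in practice, below is a small added example of the same mechanism BZAR relies on (the SMB analyzer events plus the Notice framework). It is not code from BZAR or from the original post: the module name, the notice type, the share-name pattern and the `@load` path mentioned in the comments are my own assumptions, and the script only flags SMB2 tree connects to administrative shares, which is a simplified stand-in for the richer ATT&CK-style logic BZAR implements.

```zeek
##! Added example (not part of BZAR): raise a Notice when an SMB2 client
##! connects to an administrative share. Uses only the stock SMB analyzer
##! event and the Notice framework; the matching notice lands in notice.log.

@load base/frameworks/notice
@load base/protocols/smb

module SMBAdminShare;   # hypothetical module name

export {
    redef enum Notice::Type += {
        ## Raised when a client sends an SMB2 TREE_CONNECT for an
        ## administrative share such as ADMIN$, C$ or IPC$.
        Admin_Share_Access,
    };

    ## Share names to watch for (constructed list, tune as needed).
    const admin_shares: pattern = /\\\\.*\\(ADMIN\$|C\$|IPC\$)$/i &redef;
}

# smb2_tree_connect_request is a built-in Zeek event generated by the
# SMB analyzer; `path` is the UNC path the client asked to connect to.
event smb2_tree_connect_request(c: connection, hdr: SMB2::Header, path: string)
    {
    if ( admin_shares in path )
        {
        NOTICE([$note=Admin_Share_Access,
                $msg=fmt("SMB2 tree connect to administrative share %s", path),
                $conn=c,
                # Identifier lets Notice::policy suppress repeats per source/share.
                $identifier=cat(c$id$orig_h, path)]);
        }
    }
```

To try it outside of Security Onion you can run it directly against a pcap (`zeek -r traffic.pcap admin_share.zeek`) and then look for `SMBAdminShare::Admin_Share_Access` in the resulting `notice.log`. Loading it permanently is just an `@load` line for the script in the site `local.zeek` (on older Security Onion builds the Bro-era equivalent is `local.bro` under the Bro site directory; the exact path depends on your version, so check your install) followed by a restart of the sensor's Zeek processes. BZAR is installed the same way: copy its script directory into the site path and `@load` it.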