BZAR (Bro/Zeek ATT&CK-based Analytics and Reporting)

BZAR is a set of Bro/Zeek scripts utilizing the SMB and DCE-RPC protocol analyzers and the File Extraction Framework to detect ATT&CK-like activity, raise notices, and write to the Notice Log.

Has anyone tried this? Anyone have any feedback on these scripts?

I have Security Onion in my environment and I am considering trying this. I just don’t know where to start when it comes to installing and running custom scripts