UPDATE: Bro/Zeek ATT&CK-based Analytics and Reporting (BZAR), by MITRE

Fernandez_Mark_I · April 10, 2019, 4:38pm

Gary, All -

We updated the BZAR scripts to be forward-compatible with Zeek v2.6.x and backward-compatible with v2.5.x and below, using ‘@if’ directives to check the version number. Affected files include: main.bro, bzar_dce-rpc.bro, and bzar_smb.bro.

Please visit the GitHub repo to find the updates files.

https://github.com/mitre-attack/car/tree/master/implementations/bzar

Cheers,

Mark

Mark I. Fernandez

The MITRE Corporation

mfernandez@mitre.org

P.S. The Bro/Zeek Package Manager for BZAR is coming soon.

Topic		Replies	Views
Bro/Zeek ATT&CK-based Analytics and Reporting (BZAR), by MITRE Zeek	6	266	May 6, 2022
BZAR Update - Config Options for Detection, Reporting, and Whitelisting Zeek	1	145	May 6, 2022
Bro/Zeek ATT&CK-based Analytics and Reporting (BZAR), by MITRE Zeek	3	85	May 6, 2022
BZAR (Bro/Zeek ATT&CK-based Analytics and Reporting) Zeek	1	196	May 6, 2022
BZAR Update - .zeek File Extensions and ATT&CK Sub-Techniques Zeek	1	91	May 6, 2022

UPDATE: Bro/Zeek ATT&CK-based Analytics and Reporting (BZAR), by MITRE

Related Topics