Use cases of Bro for Threat hunting

Hi all,

Can you please share some use cases of Bro in threat hunting? Examples like Bro logs in terms of validating a particular hypothesis for threat hunting. I will really appreciate it if you can share some great resources here.

Thanks
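
As an illustration of the kind of log-driven hypothesis check the question asks about, here is an added example (not from any list member, and not Zeek project code). It takes the hypothesis "a workstation is beaconing to an external host at a fixed interval", parses a Zeek/Bro conn.log in its standard TSV layout (the `#fields` and `#unset_field` header directives), and scores each (source, destination, port) tuple by how regular its connection cadence is. The log records are constructed sample data; the thresholds `min_connections` and `max_cv` are assumed starting points a hunter would tune, not Zeek defaults.

```python
"""Validate a beaconing hypothesis against Zeek/Bro conn.log records.

Parses the standard Zeek TSV log format and flags (orig_h, resp_h, resp_p)
tuples whose inter-connection gaps are nearly constant, which is the
timing signature of a scheduled check-in. All records below are
constructed sample data, not a real capture.
"""
import statistics
from collections import defaultdict

# Constructed sample conn.log. The header directives follow the real Zeek
# layout; the data rows are synthetic. ts is epoch seconds.
# Rows C1-C6: 10.0.0.5 -> 203.0.113.7:443 roughly every 60 s (the beacon).
# Rows C7-C11: 10.0.0.5 -> 198.51.100.20:80 at irregular times (browsing noise).
# Row C12: a single connection from another host; row C13: DNS with unset fields.
SAMPLE_CONN_LOG = """#separator \\x09
#set_separator\t,
#empty_field\t(empty)
#unset_field\t-
#path\tconn
#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto\tservice\tduration\torig_bytes\tresp_bytes\tconn_state
#types\ttime\tstring\taddr\tport\taddr\tport\tenum\tstring\tinterval\tcount\tcount\tstring
1500000000.000\tC1\t10.0.0.5\t51000\t203.0.113.7\t443\ttcp\tssl\t0.52\t312\t1024\tSF
1500000060.100\tC2\t10.0.0.5\t51001\t203.0.113.7\t443\ttcp\tssl\t0.49\t312\t1024\tSF
1500000119.900\tC3\t10.0.0.5\t51002\t203.0.113.7\t443\ttcp\tssl\t0.50\t312\t1024\tSF
1500000180.200\tC4\t10.0.0.5\t51003\t203.0.113.7\t443\ttcp\tssl\t0.51\t312\t1024\tSF
1500000240.000\tC5\t10.0.0.5\t51004\t203.0.113.7\t443\ttcp\tssl\t0.48\t312\t1024\tSF
1500000299.800\tC6\t10.0.0.5\t51005\t203.0.113.7\t443\ttcp\tssl\t0.53\t312\t1024\tSF
1500000005.000\tC7\t10.0.0.5\t52000\t198.51.100.20\t80\ttcp\thttp\t1.20\t540\t8800\tSF
1500000012.000\tC8\t10.0.0.5\t52001\t198.51.100.20\t80\ttcp\thttp\t0.80\t610\t2300\tSF
1500000100.000\tC9\t10.0.0.5\t52002\t198.51.100.20\t80\ttcp\thttp\t2.10\t700\t15000\tSF
1500000103.000\tC10\t10.0.0.5\t52003\t198.51.100.20\t80\ttcp\thttp\t0.30\t420\t900\tSF
1500000290.000\tC11\t10.0.0.5\t52004\t198.51.100.20\t80\ttcp\thttp\t0.90\t580\t4100\tSF
1500000150.000\tC12\t10.0.0.9\t53000\t203.0.113.7\t443\ttcp\tssl\t0.60\t300\t1100\tSF
1500000007.000\tC13\t10.0.0.5\t53211\t10.0.0.1\t53\tudp\t-\t-\t40\t120\tSF
"""


def parse_zeek_log(text):
    """Parse Zeek TSV log text into dicts keyed by the #fields names.

    Honours the #unset_field directive so '-' becomes None instead of a
    string that would silently break numeric comparisons later.
    """
    fields = None
    unset = "-"
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        if line.startswith("#"):
            key, _, value = line[1:].partition("\t")
            if key == "fields":
                fields = value.split("\t")
            elif key == "unset_field":
                unset = value
            continue
        if fields is None:
            raise ValueError("data row before #fields header")
        values = line.split("\t")
        records.append({k: (None if v == unset else v) for k, v in zip(fields, values)})
    return records


def find_beacons(records, min_connections=5, max_cv=0.1):
    """Return tuples whose connection timing supports the beaconing hypothesis.

    min_connections: fewer observations than this is not evidence either way.
    max_cv: coefficient of variation (stdev/mean) of the gaps between
    connections; a small value means a fixed cadence. Both are assumed
    tuning knobs for this example, not Zeek settings.
    """
    times = defaultdict(list)
    for r in records:
        times[(r["id.orig_h"], r["id.resp_h"], r["id.resp_p"])].append(float(r["ts"]))
    hits = []
    for (orig_h, resp_h, resp_p), ts in times.items():
        if len(ts) < min_connections:
            continue
        ts.sort()
        gaps = [b - a for a, b in zip(ts, ts[1:])]
        mean = statistics.mean(gaps)
        if mean <= 0:
            continue
        cv = statistics.pstdev(gaps) / mean
        if cv <= max_cv:
            hits.append({"orig_h": orig_h, "resp_h": resp_h, "resp_p": resp_p,
                         "connections": len(ts),
                         "mean_interval": round(mean, 1), "cv": round(cv, 3)})
    return hits


if __name__ == "__main__":
    for hit in find_beacons(parse_zeek_log(SAMPLE_CONN_LOG)):
        print(hit)
```

Only the 203.0.113.7:443 tuple is reported; the irregular HTTP traffic to 198.51.100.20 fails the cadence test and the single connections never reach `min_connections`. In a real hunt the same loop would run over a day of conn.log, with `resp_h` filtered to non-RFC1918 space and the hit list pivoted into ssl.log or dns.log to confirm or reject the hypothesis.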

Hania,

Here’s a link to some use case examples - https://docs.zeek.org/en/stable/examples/

I’m sure others on the list can point you to more specific use cases.

Thanks,
~Amber

One useful source might be Liam Randall’s training materials, which you can find at https://github.com/LiamRandall

An example of identifying and tracing the behavior of specific malware samples is https://github.com/LiamRandall/BroMalware-Exercise

Additionally, some of the presentations at BroCon 2017 went into detail about identifying/analysing specific real-world threats: https://www.zeek.org/community/brocon2017.html

Chris