The SolarWinds security breach was dominating the security headlines last month. FireEye published some Snort and YARA rules along with IOCs to guide how to defend against the Sunburst malware (used in the SolarWinds attack). I was wondering if anyone in the Zeek community has done anything to develop a Zeek-based solution for this? Thanks a lot in advance!
Snort/YARA-based countermeasures: https://github.com/fireeye/sunburst_countermeasures
-- ND