homepage
Open menu
Contact Sales

Using Zeek/Bro To Discover Network TTPs of MITRE ATT&CK

  • Wednesday, 12 Jun 2019 3:30PM EDT (12 Jun 2019 19:30 UTC)
  • Speakers: Richard Bejtlich, James Schweitzer

Techniques, tactics, and procedures (TTPs) can help characterize patterns of adversary behavior, such as sending a spearphishing attachment for initial access or using the Remote Desktop Protocol to move laterally in a target environment. To track TTPs and develop corresponding defense strategies, security personnel increasingly turn to MITRE ATT&CK '​, a TTP repository based on real-world observations. While no single technology nor process can cover all TTPs, did you know that the Zeek Network Security Monitor (formerly 'Bro ') can give you powerful visibility and detection against critical network-based TTPs in the ATT&CK ' framework? '

'In fact, earlier this year MITRE released the Bro/Zeek ATT&CK-based Analytics and Reporting (​BZAR​) scripts to the open-source community to help uncover network-based ATT&CK TTPs. Tune into this webcast to hear from world-class security operators as they dig into Corelight and the MITRE framework and demonstrate step-by-step examples of how you can use Corelight to significantly improve your visibility and defenses. '

'Register for this webcast to learn: '

● An Overview of the MITRE ATT&CK ' framework

● How Corelight addresses ATT&CK TTPs related to data exfiltration and C2s

● And more...

Login to Register

Related Content

Blog
Quest_to_Summit_340x340.png
Industrial Control Systems Security, Digital Forensics, Incident Response & Threat Hunting
The Quest to Summit | SANS ICS Security Summit 2024
Register for the ICS Security Summit to be able to participate in The Quest to Summit and win big prizes.
370x370_Tim-Conway.jpg
Tim Conway
read more
Blog
N2C_blog_image.png
Security Awareness, Cybersecurity Leadership, Cloud Security, Open-Source Intelligence (OSINT), Industrial Control Systems Security, Digital Forensics, Incident Response & Threat Hunting, Cybersecurity and IT Essentials, Cyber Defense, Offensive Operations, Pen Testing, and Red Teaming, CyberLive, Workforce Development, Career Development, Why Certify, Imposter Syndrome, NetWars, Mentorship, Job Hunting, Operating System & Device In-Depth, Artificial Intelligence (AI)
A Visual Summary of SANS New2Cyber Summit 2024
Check out these graphic recordings created in real-time throughout the event for SANS New2Cyber Summit 2024
370x370-person-placeholder.png
Alison Kim
read more
Blog
Blog: Google Chrome Platform Notification Analysis
Digital Forensics, Incident Response & Threat Hunting
Google Chrome Platform Notification Analysis
In this post, Chad Tilbury uses the new Arsenal Recon LevelDB Recon tool to examine the Chrome Platform Notifications database.
370x370_Chad-Tilbury.jpg
Chad Tilbury
read more