BZAR (Bro/Zeek ATT&CK-based Analytics and Reporting) is a set of Bro/Zeek scripts that utilize the SMB and DCE-RPC protocol analyzers and the File Extraction Framework to detect ATT&CK-like activity, raise notices, and write to the Notice Log. It uses the Bro/Zeek Network Security Monitor to detect ATT&CK-based adversarial activity and is a component of the Cyber Analytics Repository. BZAR must be tuned for your specific operational environment to avoid unnecessary entries in the Notice Log.
FEATURES
SIMILAR TOOLS
Suricata offers real-time intrusion detection, intrusion prevention, and network monitoring.
Tor Browser is a free and open-source software that allows users to browse the internet anonymously and privately.
A Bluetooth 5 and 4.x sniffer using TI CC1352/CC26x2 hardware with advanced features and Python-based host-side software.
A TCP-based traceroute implementation that bypasses firewall filters to trace the path to a destination.
Tcpreplay is a suite of Open Source utilities for editing and replaying captured network traffic.
A website scanner that provides a sandbox for the web, allowing users to scan URLs and websites for potential threats and vulnerabilities.
WiGLE.net is a platform that collects and provides data on WiFi networks and cell towers, with over 1.3 billion networks collected.
Tcpdump is a command-line packet analyzer for capturing and analyzing network traffic.