Go on the ATT&CK TMwith Corelight.

When today's security teams plan their defense against adversaries, they turn to the MITRE ATT&CK™ Framework. It's a key repository of tactics, techniques, and procedures (TTPs) that adversaries employ. While there's no silver bullet for all TTPs, Corelight sees weak spots others can't. Corelight delivers expansive network visibility by bringing Zeek logs to your SIEM. It allows you to build your own packages, or use community contributions like BZAR, for even more insight. See what Corelight can do below:

BZAR: Bro/Zeek ATT&CK-based analytics and reporting scripts.

arrow
information Techniques Covered

Developed by MITRE for organizations that have deployed the Zeek / Bro Network Security Monitor, these scripts utilize selected protocol analyzers (SMB and DCE-RPC) and the File Analysis Framework to uncover a range of Execution, Persistence, Lateral Movement, Defensive Evasion, Credential Access—and in particular Discovery—techniques. Learn more at GitHub.

information

Watch “Using Zeek / Bro to Discover Network TTPs of MITRE ATT&CK.”

arrow

Tune into this prerecorded (runtime 1 hour) webcast to hear from world-class security operators Richard Bejtlich and James Schweitzer as they dig into the MITRE framework and review concrete, step-by-step eamples of how you can use Zeek to significantly improve your visibility into and defenses against Lateral Movement (TA0008), Data Exfiltration (TA0010), and Command and Control (C2) (TA0011) tactics. Watch.