mitre-attack / bzar

A set of Zeek scripts to detect ATT&CK techniques.
BSD 3-Clause "New" or "Revised" License

No notice logs #12

Open Luisibear98 opened 3 years ago

Luisibear98 commented 3 years ago

Hello, I'm testing the scripts on Zeek with some PCAPs, but no notice log is being generated. How can I verify that the installation was done properly?

mfrndz commented 3 years ago

Hi, is Zeek producing SMB or DCE-RPC logs when it processes your PCAPs?

Mark

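Mark's question is the right first check: BZAR's detections are built on Zeek's SMB and DCE-RPC events, so if a run produced no dce_rpc.log or smb_*.log there is nothing for the scripts to match and notice.log stays empty. The script below is an added example, not code from the BZAR project or from anyone in this thread. It parses Zeek's TSV log format (honouring the #separator, #fields, #unset_field and #empty_field headers), reports which of the logs BZAR depends on are missing or have no rows, summarises the DCE-RPC endpoint::operation pairs Zeek saw, and lists any ATTACK:: notices. The embedded log excerpts are constructed for illustration and abbreviated to a few fields; the notice name ATTACK::Execution and the svcctl operations are assumptions about BZAR's naming and indicators, and the log-directory argument assumes you ran Zeek offline with something like `zeek -C -r capture.pcap local` (with BZAR loaded from local.zeek).

```python
"""Sanity-check Zeek output before blaming BZAR: confirm the SMB and DCE-RPC
logs it depends on exist and have rows, then summarise what Zeek saw.
Added example, not code from the BZAR project or this thread."""
from __future__ import annotations

import json
import sys
from collections import Counter
from pathlib import Path

# Standard Zeek log names. The SMB and DCE-RPC logs are only written when Zeek
# actually parsed that traffic; if they are missing, no BZAR notice can fire.
REQUIRED_LOGS = ("conn", "smb_mapping", "smb_files", "dce_rpc")


def parse_zeek_tsv(text: str) -> list[dict[str, str | None]]:
    """Parse one Zeek TSV log into row dicts keyed by its #fields header.

    Honours #separator, #unset_field ('-' -> None) and #empty_field
    ('(empty)' -> '') so 'not set' and 'empty' stay distinguishable."""
    sep, unset, empty = "\t", "-", "(empty)"
    fields: list[str] = []
    rows: list[dict[str, str | None]] = []
    for line in text.splitlines():
        if not line:
            continue
        if line.startswith("#separator "):
            # Zeek writes the separator escaped, e.g. "\x09" for a tab.
            sep = line[len("#separator "):].encode("ascii").decode("unicode_escape")
            continue
        if line.startswith("#"):
            key, _, value = line[1:].partition(sep)
            if key == "unset_field":
                unset = value
            elif key == "empty_field":
                empty = value
            elif key == "fields":
                fields = value.split(sep)
            continue  # #set_separator, #path, #open, #types, #close: not needed
        values = line.split(sep)
        if not fields or len(values) != len(fields):
            raise ValueError(f"row has {len(values)} columns, header has {len(fields)}")
        rows.append({n: None if v == unset else "" if v == empty else v
                     for n, v in zip(fields, values)})
    return rows


def check_logs(logs: dict[str, str]) -> dict:
    """logs maps a Zeek log name (e.g. 'dce_rpc') to that file's contents."""
    parsed = {name: parse_zeek_tsv(text) for name, text in logs.items()}
    missing = [n for n in REQUIRED_LOGS if n not in parsed]
    empty = [n for n in REQUIRED_LOGS if n in parsed and not parsed[n]]
    # endpoint::operation is the granularity a DCE-RPC indicator keys on.
    operations = Counter(f"{r['endpoint']}::{r['operation']}"
                         for r in parsed.get("dce_rpc", [])
                         if r.get("endpoint") and r.get("operation"))
    notices = Counter(r["note"] for r in parsed.get("notice", [])
                      if (r.get("note") or "").startswith("ATTACK::"))
    return {"missing": missing, "empty": empty,
            "protocol_logs_ok": not missing and not empty,
            "dce_rpc_operations": operations, "attack_notices": notices}


def load_log_dir(path: str) -> dict[str, str]:
    """Read every *.log from a directory where `zeek -C -r capture.pcap ...` ran."""
    return {p.stem: p.read_text() for p in Path(path).glob("*.log")}


def _log(path: str, fields: list[str], *rows: list[str]) -> str:
    """Build a Zeek-style TSV log (constructed test data, abbreviated field lists)."""
    head = ["#separator \\x09", "#set_separator\t,", "#empty_field\t(empty)",
            "#unset_field\t-", f"#path\t{path}", "#fields\t" + "\t".join(fields)]
    return "\n".join(head + ["\t".join(r) for r in rows] + ["#close\t2021-02-13-11-05-00"])


# Constructed sample: a remote service creation over \pipe\svcctl, an smb_files.log
# with no rows, and the notice BZAR would be expected to raise (note name assumed).
SAMPLE_LOGS = {
    "conn": _log("conn", ["ts", "uid", "id.orig_h", "id.resp_h", "id.resp_p", "service"],
                 ["1613214240.001", "CuKFds3aN1", "10.0.0.5", "10.0.0.20", "445", "smb,dce_rpc"]),
    "smb_mapping": _log("smb_mapping", ["ts", "uid", "path", "share_type"],
                        ["1613214240.050", "CuKFds3aN1", "\\\\10.0.0.20\\IPC$", "PIPE"]),
    "smb_files": _log("smb_files", ["ts", "uid", "action", "path", "name"]),
    "dce_rpc": _log("dce_rpc", ["ts", "uid", "rtt", "named_pipe", "endpoint", "operation"],
                    ["1613214240.101", "CuKFds3aN1", "0.0021", "\\pipe\\svcctl", "svcctl", "CreateServiceW"],
                    ["1613214240.205", "CuKFds3aN1", "-", "\\pipe\\svcctl", "svcctl", "StartServiceW"]),
    "notice": _log("notice", ["ts", "uid", "note", "msg"],
                   ["1613214240.300", "CuKFds3aN1", "ATTACK::Execution", "svcctl::CreateServiceW then StartServiceW"]),
}

if __name__ == "__main__":
    # With a directory argument, check real Zeek output; otherwise run on the sample.
    logs = load_log_dir(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE_LOGS
    print(json.dumps(check_logs(logs), indent=2))
```

If `dce_rpc` or the `smb_*` logs come back missing or empty, the problem is upstream of BZAR: Zeek never saw parseable SMB/DCE-RPC traffic. Reading the capture file directly with `zeek -C -r` takes the replay step out of the picture (the `-C` flag tells Zeek to ignore bad checksums, which are common in captures taken on hosts with checksum offloading); only once those protocol logs have rows does an empty notice.log say anything about the BZAR scripts themselves.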

Luisibear98 commented 3 years ago


Hi Mark, thanks so much for the response! Yes, I'm testing the PCAPs from this repo: https://github.com/sbousseaden/PCAP-ATTACK/ using tcpreplay.

mfrndz commented 3 years ago

You can find SMB- and RPC-relevant PCAPs on Wireshark's website: https://wiki.wireshark.org/SampleCaptures

Mark
