No notice logs

Open Luisibear98 opened this issue 4 years ago • 3 comments

Hello, I'm testing the scripts on Zeek with some pcaps but no notice log is being generated. How can I assure the installation was properly done?

Luisibear98 avatar Feb 13 '21 16:02 Luisibear98

Hi, is Zeek producing SMB or DCE-RPC logs when it processes your PCAPs?

Mark

mfrndz avatar Feb 13 '21 18:02 mfrndz

Hi Mark, Thanks so much for the response! Yes, I'm testing the pcaps on this repo: https://github.com/sbousseaden/PCAP-ATTACK/ by using tcpreplay.

Luisibear98 avatar Feb 13 '21 18:02 Luisibear98

You can find SMB and RPC relevant PCAPs on Wireshark's website https://wiki.wireshark.org/SampleCaptures

Mark

On Sat, Feb 13, 2021, 1:24 PM Luisibear98 [email protected] wrote:

Hi Mark, Thanks so much for the response! Not at all, I'm testing the pcaps on this repo: https://github.com/sbousseaden/PCAP-ATTACK/ by using tcpreplay.

mfrndz avatar Feb 17 '21 20:02 mfrndz