Bricata Network Security Platform Features Support for MITRE ATT&CK®

Share Article

Latest release includes BZAR scripts, support for high-density data nodes and new features to simplify analyst workflows

“We’re committed to using the MITRE ATT&CK framework in our solution and will continue to build out this portion of our product experience,” said Bricata CPO Andre Ludwig. “We’re also constantly refining our platform to make our UI more intuitive and our workflows more goal-oriented."

Bricata, Inc., a leading provider of comprehensive network protection, has released the latest version of its network security platform. Highlighted in this release is the addition of BZAR scripts (Bro/Zeek ATT&CK-based Analytics and Reporting) that enable security analysts to gain additional context around alerting and network metadata as they align to the MITRE ATT&CK framework.

“We’re committed to using the MITRE ATT&CK framework in our solution and will continue to build out this portion of our product experience,” said Bricata CPO Andre Ludwig. “We’re also constantly refining our platform to make our UI more intuitive and our workflows more goal-oriented. The most recent updates dramatically simplify security operations center (SOC) analysts’ workflows that enables analysts to focus on what should matter most – investigating alerts, proactively hunting for threats and keeping the business network secure.”

The latest version also includes support for high-density data nodes that give users more flexibility to easily scale the amount of network metadata they can store, new alert grouping for streamlined management and response, support for virtualization on Amazon Web Services (AWS), and more.

Key product enhancements and new features include:

  • BZAR Scripts for the MITRE ATT&CK Framework – These open-source Zeek scripts use the Zeek Network Security Monitor to detect ATT&CK-based adversarial activity and “tag” alerts and segments of network metadata associated with that activity. This helps analysts understand what malicious activity on their network is trying to accomplish (i.e., which alerts indicate an attempted privilege escalation, what alerts indicate lateral movement, etc.). This also allows Bricata users to run queries based on the ATT&CK framework. (i.e. “show me all MITRE recon activities from the past two days”) for traffic analyzed by these scripts.
  • Support for High-Density Data Nodes – Increases scalability and allows customers to store and query more network metadata. In turn, this gives security analysts a larger window into the past (up to 90 or 120 days depending on hardware specifications) for threat hunting and/or forensic investigation.
  • Alert Grouping – Bricata now supports grouping of alerts based on type. This significantly reduces the volume of alerts an analyst needs to parse and speeds up alert investigations.
  • Customizable Dashboards – Users can now create custom dashboards in the central management console (CMC) using a variety of widgets.
  • Added “x-forwarded-for” to Alert Filters – This capability, which is unique to Bricata, allows customers that have complex environments with multiple proxies to quickly identify the source of traffic through those proxies. Most tools normally only identify the last hop, but this new analytic helps customers with complex networks get added visibility into the origin point of important traffic.
  • Task-based PCAP Retrieval – Users can now download packet captures based on specific alerts and filters and get notified when the system has retrieved this valuable network traffic for them. This allows an analyst to continue with their prior workflow when retrieving a PCAP or SmartPCAP and download the PCAP when it is ready.
  • Integration with the Cuckoo Sandbox – Bricata users now have the option to double-check suspicious files by easily sending them to the Cuckoo Sandbox, a leading open source malware analysis system, to be detonated and analyzed in a secure, isolated environment.
  • SNMP Support – Import and configure SNMP support on all appliance models via the CMC GUI.
  • Support for Data Nodes on AWS – Bricata’s data collection sensors now run on AWS, so customers can deploy the entire network security platform in a virtualized environment.

Bricata’s network protection solution for enterprises provides full-spectrum threat detection, network visibility, threat hunting and facilitates post-detection response in a single platform that is easy to deploy in the cloud, on premises or in hybrid environments. The solution gives organizations contextual insight into everything transpiring on their networks that enables faster threat response to defend and secure their business. Bricata has been recognized by security technology research analysts for its innovation in intrusion detection and prevention systems (IDPS) and network traffic analysis (NTA).

About Bricata
Bricata is the leader in comprehensive network protection. The Bricata solution provides unparalleled network visibility, full-spectrum threat detection, threat hunting and post-detection response capabilities in an intuitive, tightly integrated and self-managing system. Its automated detection, productive GUIs, and expert system workflows make it easy-to-use for novices, while granular control of its engines, access to rich network metadata and PCAPs, and threat hunting capabilities give experts the power and control they demand. Bricata has been proven to speed incident resolution by up to eight times by reliably detecting threats and providing the context necessary to get to the truth quickly and act. For more information visit

Share article on social media or email:

View article via:

Pdf Print

Contact Author

Austin Williams
Email >
Visit website