This presentation describes how a common open-source tool Zeek (Bro) that has been used, until today, primarily for threat detection can be extended to provide threat response including mitigation of attacks including those aspects that can be tied to the MITRE ATT&CK framework.
Today Zeek/Bro has a large open-source and active community that contributes using Zeek/Bro scripts that include detecting attacks such as Heartbleed and many other behavioral (TTP) based detections. This presentation will have the following structure: