Welcome to Zeek in Action, a new series of videos for Zeek users and fans. The purpose of the series is to show how analysts can interpret data in Zeek and related formats to solve various networking challenges. The focus will mainly be on security use cases, but we welcome anyone who would like to contribute their workflow and problem solving expertise.
The first video is a short introduction to the series. It shows how to set up a Windows workstation with a free application from Brim Security. Using Brim, analysts can process network traffic in packet capture format, and receive logs in Zeek and Suricata formats. Although this will not be the only way that we will analyze Zeek logs in this series of videos, it’s a good starting point.
If you would like to discuss the video, or consider creating one yourself, please visit the Zeek community Slack channel (#zeek-in-action).