The first video in our series on examining network traffic with Zeek and related applications is now available. This episode looks at a packet capture from a suspected malware compromise, posted by Brad Duncan on his Malware Traffic Analysis site. We use Brim to generate Zeek and Suricata logs from the capture, and then review those outputs for signs of suspicious and malicious activity.
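The review step above is what most of the episode is about: once you have Zeek logs, you scan conn.log and dns.log for the handful of signals that usually surface a compromise first. The script below is an added example written for this post; it is not code from the video, from Brim, or from the Zeek project. It parses Zeek's default tab-separated log format (the `#fields` and `#unset_field` header lines are real Zeek conventions) and applies two simple triage rules. The log rows, the "internal" network ranges, the list of expected ports, and the byte and entropy thresholds are all constructed assumptions for illustration, not indicators from the capture in the video.

```python
"""Triage Zeek TSV logs (conn.log, dns.log) for two common post-compromise signals.

Added example for this post, not code from the video or the Zeek/Brim projects.
The sample log text below is constructed to look like Zeek's default TSV output.
"""
import ipaddress
import math
from collections import Counter

# Assumptions: RFC1918 space is "inside", and these ports are the only expected services.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
COMMON_PORTS = {22, 25, 53, 80, 123, 443, 465, 587, 993}


def parse_zeek_tsv(text):
    """Parse Zeek's TSV format into dicts keyed by the #fields header.
    Columns equal to the #unset_field marker (normally '-') become None."""
    fields, unset, rows = None, "-", []
    for line in text.splitlines():
        if not line:
            continue
        if line.startswith("#"):
            key, _, value = line[1:].partition("\t")
            if key == "fields":
                fields = value.split("\t")
            elif key == "unset_field":
                unset = value
            continue
        if fields is None:
            raise ValueError("data row before #fields header")
        rows.append({f: (None if v == unset else v) for f, v in zip(fields, line.split("\t"))})
    return rows


def is_external(ip):
    addr = ipaddress.ip_address(ip)
    return not any(addr in net for net in INTERNAL_NETS)


def shannon_entropy(s):
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def triage_conn(records, min_orig_bytes=100_000):
    """Flag inside->outside connections on an unexpected port where the client
    sent a lot of data (possible exfiltration or C2 on a non-standard port)."""
    hits = []
    for r in records:
        port = int(r["id.resp_p"])
        sent = int(r["orig_bytes"] or 0)
        if is_external(r["id.resp_h"]) and port not in COMMON_PORTS and sent >= min_orig_bytes:
            hits.append((r["uid"], r["id.resp_h"], port, sent))
    return hits


def triage_dns(records, min_len=40, min_entropy=3.5):
    """Flag long, high-entropy query names (DGA-like or DNS tunnelling)."""
    hits = []
    for r in records:
        q = r.get("query")
        if q and len(q) >= min_len and shannon_entropy(q.replace(".", "")) >= min_entropy:
            hits.append((r["uid"], q))
    return hits


def _tsv(path, fields, rows):
    """Build a constructed Zeek-style TSV log with the usual header lines."""
    header = ["#separator \\x09", "#set_separator\t,", "#empty_field\t(empty)",
              "#unset_field\t-", f"#path\t{path}", "#fields\t" + "\t".join(fields)]
    return "\n".join(header + ["\t".join(r) for r in rows]) + "\n"


CONN_FIELDS = ["ts", "uid", "id.orig_h", "id.orig_p", "id.resp_h", "id.resp_p", "proto",
               "service", "duration", "orig_bytes", "resp_bytes", "conn_state"]
CONN_LOG = _tsv("conn", CONN_FIELDS, [  # constructed rows
    ["1583930000.1", "CAbc1", "10.0.0.5", "49200", "203.0.113.10", "443", "tcp", "ssl", "12.5", "5200", "80000", "SF"],
    ["1583930010.2", "CAbc2", "10.0.0.5", "49201", "198.51.100.7", "8443", "tcp", "-", "600.0", "250000", "1200", "S1"],
    ["1583930020.3", "CAbc3", "10.0.0.5", "49202", "10.0.0.9", "445", "tcp", "smb", "1.0", "300000", "500", "SF"],
])

DNS_FIELDS = ["ts", "uid", "id.orig_h", "id.orig_p", "id.resp_h", "id.resp_p", "proto",
              "query", "qtype_name", "rcode_name", "answers"]
DNS_LOG = _tsv("dns", DNS_FIELDS, [  # constructed rows
    ["1583930001.0", "CDns1", "10.0.0.5", "51000", "10.0.0.2", "53", "udp", "www.example.com", "A", "NOERROR", "93.184.216.34"],
    ["1583930011.0", "CDns2", "10.0.0.5", "51001", "10.0.0.2", "53", "udp",
     "x7k2p9qv4m1zl8nwr3t6hc5yd0bfje.badexample.net", "A", "NOERROR", "-"],
])


def run():
    """Return both triage results so the caller can pivot on the Zeek uid."""
    return {"conn": triage_conn(parse_zeek_tsv(CONN_LOG)), "dns": triage_dns(parse_zeek_tsv(DNS_LOG))}


if __name__ == "__main__":
    for name, hits in run().items():
        print(name, hits)
```

The two rules are deliberately crude; their purpose is to produce a short list of Zeek `uid` values to pivot on, not a verdict. Each `uid` is shared across Zeek's logs for the same connection, so a hit in conn.log can be cross-referenced against ssl.log, http.log, or files.log, and the Suricata alerts Brim generates for the same flows, which is the pivoting the video walks through.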
If you would like to follow along, please see the introductory video in the series to set up a similar workstation. If you would like to discuss the video, or consider creating one yourself, please visit the Zeek community Slack channel.