In this episode, Richard Bejtlich looks at PCAPs from Tcpreplay using Zeek, Brim Security and Wireshark.

This comparison isn’t meant to say one tool is better than another, but to show users what data each tool provides.

If you would like to follow along, please see the introductory videos in the series: Video 1, Suspected Malware Compromise, and Video 2, Tracing a Trickbot Infection.

If you would like to discuss the video, or consider creating one yourself, please visit the Zeek community Slack workspace and join the #documentation channel.
