by Richard Bejtlich | Dec 6, 2021 | community, Zeek in Action
In this episode of Zeek in Action, Richard examines the four types of network security monitoring data: 1) full content data (“PCAP”), 2) transaction logs, 3) extracted content, and 4) intrusion detection system (IDS) alerts. He uses the online tool...
by Keith J. Jones, PhD | Dec 3, 2021 | community, Spicy, Zeek in Action
In this Zeek in Action video, Keith Jones explains his Spicy protocol analyzer rapid development process on a new RADIUS analyzer. Of course, RADIUS is in core Zeek, but it can be replaced with a Spicy RADIUS protocol analyzer. Keith used this development process on...
by Richard Bejtlich | Nov 5, 2021 | community, Newsletter
Issue 13 – October 2021. Welcome to the Zeek Monthly Newsletter! In this Issue: TL;DR, Development Updates, Zeek Blog and Mailing List, Zeek in the Community, Zeek Package Updates, Zeek in the Enterprise, Upcoming Events, Zeek Related Jobs, Get Involved. TL;DR ZeekWeek...
by Anthony Kasza | Nov 5, 2021 | community, CTF, ZeekWeek21
As part of the most recent ZeekWeek event, the Zeek Project Training Subgroup and the Corelight Labs Team made a capture the flag (CTF) competition available for attendees to play. The competition included 19 challenges of varying difficulties which involved tasks...
by Greg Bell | Nov 1, 2021 | community, Zeek in Action
In this Zeek in Action video, Richard Bejtlich explains how to install Zeek from scratch, using a fresh Linux environment created on his Windows system with VirtualBox. You can follow along step by step as Richard prepares a VM, installs Linux, selects the version of...
by Greg Bell | Nov 1, 2021 | community, Zeek in Action
In this episode, Richard Bejtlich explains how to determine if your Zeek deployment suffers from capture loss. There are many causes for capture loss (including an overloaded span port, NIC, or monitoring system), but the end result is the same: unfortunate gaps in...