by Richard Bejtlich | Dec 6, 2021 | community, Zeek in Action
In this episode of Zeek in Action, Richard examines the four types of network security monitoring data: 1) full content data (“PCAP”), 2) transaction logs, 3) extracted content, and 4) intrusion detection system (IDS) alerts. He uses the online tool...
by Keith J. Jones, PhD | Dec 3, 2021 | community, Spicy, Zeek in Action
In this Zeek in Action video, Keith Jones explains his Spicy protocol analyzer rapid development process on a new RADIUS analyzer. Of course, RADIUS is in core Zeek, but it can be replaced with a Spicy RADIUS protocol analyzer. Keith used this development process on...
by Greg Bell | Nov 1, 2021 | community, Zeek in Action
In this Zeek in Action video, Richard Bejtlich explains how to install Zeek from scratch, using a fresh Linux environment created on his Windows system with VirtualBox. You can follow along step by step as Richard prepares a VM, installs Linux, selects the version of...
by Greg Bell | Nov 1, 2021 | community, Zeek in Action
In this episode, Richard Bejtlich explains how to determine if your Zeek deployment suffers from capture loss. There are many causes for capture loss (including an overloaded span port, NIC, or monitoring system), but the end result is the same: unfortunate gaps in...
by Amber Graner | Jul 29, 2021 | community, Zeek in Action
After seeing questions such as, “Can I use Zeek to monitor my wireless network traffic?” on the Zeek Slack workspace, Richard Bejtlich wanted to take a broader look at this question. In this episode, Richard looks at the complexities of monitoring your wireless...
by Amber Graner | Jul 29, 2021 | community, Zeek in Action
Do you ever see new assets on your network and wonder what they are? Maybe there are devices you don’t recognize and you want to know more. In this episode, Richard Bejtlich looks at how to use Zeek, Rumble and Humio to learn more about assets you have...