Zeek is my favorite network security monitoring platform, and I’ve used it throughout my career. It generates rich network metadata that’s incredibly valuable for incident response, forensics, and general troubleshooting.
For most people, the main challenge with using Zeek is in setting it up. While today there exists Corelight (an enterprise Zeek appliance), not everyone has the budget for this. Plus, it’s fun to do it yourself and learn a thing or two. 😉
This series will walk through Zeek setup and a variety of tips and tricks I’ve learned over the years.
Part I: How to Install Zeek on Ubuntu
Part II: Zeek Package Manager
Part III: How to Send Zeek Logs to Splunk
Part IV: Threat Hunting with Zeek
Part V: Zeek Intelligence Framework
Part VI: Zeek File Analysis Framework
Part VII: Zeek To Understand Encryption
Part VIII: How to Send Zeek Logs to Elastic
Part IX: How To Update Zeek