Writing Zeek Rules and Scripts
Zeek is a customizable, open-source tool that allows you to monitor the network and analyze events within it. This course will teach how to customize it through the use of custom rules, scripts, and policies.
Zeek is an event-based network monitoring and analysis tool used to help monitor the network and detect potential threats. It enables users to see the traffic going through our networks and respond to it in different ways. Learning how to customize its functionality through the use of rules and scripts can help you use this tool more effectively. In this course, Writing Zeek Rules and Scripts, you will learn all about this tool’s frameworks and how to use them to customize the tool, as well as how to use it. First, you will learn about the various components used with Zeek customization and scripting. Next, you will learn about the Default scripts and how to modify them to suit your needs. Finally, you will practice using the frameworks to build the needed functionality for your use cases. When you’re finished with this course, you will have the ability to modify Zeek in order to support your desired use cases and environment.
Author Name: Joe Abraham
Author Description:
Joe Abraham, CCIE #62417, is a Cybersecurity Architect working in the public sector space, assisting customers develop and implement functional and secure network architectures. He graduated from Excelsior College with an M.S. in Cybersecurity and a B.S. in Information Technology (Network Management). He currently holds many IT certifications to include CCIE, CISSP, GSEC, and CCNP Security. Joe is a mentor to IT professionals and a blogger who spends his time either with his wife and three child… more
Table of Contents
- Course Overview
1min - Illustrating the Zeek Signature Framework
25mins - Managing Events with the Logging and Notice Frameworks
28mins - Breaking Down the Scripting Basics
28mins - Optimizing Zeek Default Scripts
22mins - Customizing Scripts to Extend Zeek Functionality
19mins
There are no reviews yet.