Extensions, Frameworks, & Integrations Used with Zeek

Joe Abraham

2:22:42

108 View
  • 1. Course Overview.mp4
    01:51
  • 1. Introducing Zeek Integrations.mp4
    04:11
  • 2. Customizing Zeek Using Integrations.mp4
    03:17
  • 3. Adding Zeek Packages.mp4
    02:46
  • 4. Installing Zeek Packages.mp4
    06:01
  • 5. Validating Zeek Packages.mp4
    04:12
  • 6. Additional Zeek Projects.mp4
    06:26
  • 7. Validating Spicy's Analyzers.mp4
    06:35
  • 1. Introducing Zeek with Security Onion.mp4
    04:45
  • 2. Zeek's Security Onion Configuration.mp4
    05:26
  • 3. Using Zeek with Security Onion and Hunt.mp4
    06:42
  • 4. Validating Zeek Data Ingestion Using Hunt.mp4
    03:29
  • 5. Additional Security Onion Information.mp4
    01:53
  • 1. Introducing the ELK Stack.mp4
    03:31
  • 2. Ingesting Zeek Logs with ELK.mp4
    07:56
  • 3. Stashing and Parsing Logs with Logstash.mp4
    02:38
  • 4. Integrating Zeek Log Data with Arkime.mp4
    04:00
  • 5. Mapping and Enriching Zeek Data for Arkime.mp4
    08:33
  • 6. Validating Our Integrated Deployment.mp4
    08:45
  • 1. Learning About RockNSM.mp4
    03:50
  • 2. Using Zeek within RockNSM.mp4
    04:47
  • 3. Validating RockNSM Configurations.mp4
    05:32
  • 4. File Carving with Zeek.mp4
    03:22
  • 5. Using Zeek Scripts to Carve PCAP and Stream Files.mp4
    06:49
  • 6. Summarizing RockNSM and File Carving.mp4
    01:14
  • 1. Using the Zeek Intelligence Framework.mp4
    04:02
  • 2. Adding Intelligence Files to Zeek.mp4
    08:03
  • 3. What Is JA3 and How Can We Use It.mp4
    07:50
  • 4. Additional Zeek Integration Information.mp4
    04:16
  • extensions-frameworks-integrations-used-zeek.zip
  • Description


    Zeek is a customizable, open-source tool that allows you to monitor the network and analyze events within it. This course will teach how to integrate it with other tools such as Security Onion, Elasticsearch, and Arkime.

    What You'll Learn?


      Zeek is an event-based network monitoring and analysis tool used to monitor the network and detect potential threats. It enables users to see the traffic going through their networks and respond to it in different ways. Additional packages and integrations give it more capabilities and allow organizations to expand its use. In this course, Extensions, Frameworks, & Integrations Used with Zeek, you will learn all about this tool's frameworks and integrations. First, you will learn about the various extensions, integrations, and packages to be used with Zeek. Next, you will learn about how Zeek integrates with tools such as Security Onion, Arkime, Elasticsearch, and RockNSM. Finally, you will use file carving and metadata to analyze Zeek data streams, and the intelligence framework to add context and intelligence to it. When you're finished with this course, you will have the ability to modify Zeek and integrate it with other tools in order to support your desired use cases and environment.

    Joe Abraham, CCIE #62417, is a Network Security Consultant working in the public sector space, helping customers develop and implement functional and secure network architectures. He graduated from Excelsior College with an M.S. in Cybersecurity and a B.S. in Information Technology (Network Management). He currently holds many IT certifications, including CCIE, CISSP, GSEC, and CCNP Security. He is also a member of the GIAC Advisory Board. Joe is a mentor to IT professionals and a blogger who spends his time either with his wife and three children, exercising, researching and writing about technology, or learning new technologies. Spending much of his experience helping to train and educate IT professionals, he is passionate about teaching and always strives to be a positive influence in the IT field.
    Pluralsight, LLC is an American privately held online education company that offers a variety of video training courses for software developers, IT administrators, and creative professionals through its website. Founded in 2004 by Aaron Skonnard, Keith Brown, Fritz Onion, and Bill Williams, the company has its headquarters in Farmington, Utah. As of July 2018, it uses more than 1,400 subject-matter experts as authors, and offers more than 7,000 courses in its catalog. Since first moving its courses online in 2007, the company has expanded, developing a full enterprise platform, and adding skills assessment modules.
    • Language: English
    • Training sessions: 29
    • Duration: 2:22:42
    • Level: average
    • English subtitles: yes
    • Release date: 2023/02/21