Utilizing Zeek 4 in an Enterprise Environment or for Distributed Operations

Michael Edie

1:51:14

  • 1. Course Overview.mp4
    01:32
  • 1. Version Check.mp4
    00:15
  • 2. Configuring a Zeek Management Host.mp4
    01:54
  • 3. Demo - Configuring a Zeek Management Host.mp4
    02:29
  • 4. Developing a Sensor Strategy.mp4
    02:44
  • 5. Connecting Zeek Workers to the Management Host.mp4
    02:14
  • 6. Demo - Connecting Zeek Workers to the Management Host.mp4
    08:08
  • 7. Working with the Filebeat Agent.mp4
    01:30
  • 8. Shipping Zeek Data to a SIEM (ELK).mp4
    05:34
  • 1. Rogue Server Detection.mp4
    07:11
  • 2. SSL Certificate Auditing.mp4
    05:37
  • 3. Demo - SSL Certificate Auditing.mp4
    07:27
  • 4. DNS Auditing.mp4
    05:04
  • 5. Demo - DNS Auditing.mp4
    08:34
  • 6. Limitations.mp4
    03:27
  • 1. Detecting Network Reconnaissance.mp4
    06:31
  • 2. Demo - Detecting Network Reconnaissance.mp4
    08:21
  • 3. Hunting Data Exfiltration.mp4
    05:24
  • 4. Demo - Hunting Data Exfiltration.mp4
    07:59
  • 5. Malicious File Extraction.mp4
    05:18
  • 6. Demo - Malicious File Extraction.mp4
    04:50
  • 7. Post-mortem Analysis.mp4
    04:17
  • 8. Demo - Post-mortem Analysis.mp4
    03:21
  • 9. Course Review.mp4
    01:33
  • utilizing-zeek-enterprise-environment-distributed-operations.zip
  • Description


    Zeek is an open-source network security monitoring (NSM) tool. This course will teach you how to deploy Zeek at scale and how to use Zeek data for continuous monitoring, threat hunting, and incident response.

    What You'll Learn?


      Cybersecurity professionals are tasked with defending networks against malicious attackers who are becoming more sophisticated and harder to detect. In this course, Utilizing Zeek 4 in an Enterprise Environment or for Distributed Operations, you'll learn how to deploy this tool to support network security operations. First, you’ll explore how to design a Zeek deployment for Enterprise Monitoring. Next, you’ll discover how Zeek can support Continuous Monitoring. Finally, you’ll learn how to use Zeek for Threat Hunting and Incident Response. When you’re finished with this course, you’ll have the skills and knowledge to use Zeek to rapidly identify indicators of compromise and security control deviations, and to actively pursue adversarial threats on a network.

    Michael Edie
    Michael Edie, aka “the mechanic,” is a 23-year US Army Veteran and Information Security Engineer. He currently serves as a Technical Lead in a Cyber Operations Organization and President of the Augusta Information Systems Security Association (ISSA) chapter. Previously, he has served on Digital Forensics and Incident Response (DFIR), threat hunt, and compliance inspection teams. Michael is passionate about Information Security and enjoys contributing to the community through his blog at https://blog.edie.io and projects at https://github.com/tankmek. He is the Executive Director and Co-Founder of smashthestack.org, a software vulnerability and exploitation educational platform. Additionally, Michael has volunteered to speak at local nonprofits such as the Cyber Discovery Group (CDG) and NERD Nights. Outside the technical domain, he enjoys spending time with his wife and kids, motorcycling, cryptocurrency, and chess.
    Pluralsight, LLC is an American privately held online education company that offers a variety of video training courses for software developers, IT administrators, and creative professionals through its website. Founded in 2004 by Aaron Skonnard, Keith Brown, Fritz Onion, and Bill Williams, the company has its headquarters in Farmington, Utah. As of July 2018, it uses more than 1,400 subject-matter experts as authors, and offers more than 7,000 courses in its catalog. Since first moving its courses online in 2007, the company has expanded, developing a full enterprise platform, and adding skills assessment modules.
    • Language: English
    • Training sessions: 24
    • Duration: 1:51:14
    • Level: average
    • English subtitles: yes
    • Release date: 2023/02/21