
Writing Zeek Rules and Scripts

Joe Abraham

2:06:27

  • 1. Course Overview.mp4
    01:42
  • 1. Scripting with Zeek.mp4
    04:12
  • 2. The Zeek System Workflow.mp4
    04:03
  • 3. Learning the Zeek Signature Language.mp4
    06:19
  • 4. Configuring Zeek's Signature Detection.mp4
    06:54
  • 5. Validating the Detection.mp4
    04:26
  • 1. Learning About Zeek Logging.mp4
    03:19
  • 2. Formatting Zeek Logs.mp4
    08:20
  • 3. Using the Zeek Logging Framework.mp4
    04:13
  • 4. Practicing with the Logging Framework.mp4
    04:35
  • 5. Interacting with the Zeek Notice Framework.mp4
    02:33
  • 6. Practicing with the Notice Framework.mp4
    05:47
  • 1. Understanding a Zeek Script.mp4
    05:12
  • 2. Event Queue and Handlers.mp4
    07:51
  • 3. Data Types and Structures.mp4
    04:28
  • 4. The Script Options.mp4
    04:55
  • 5. Breaking down the Zeek Scripts.mp4
    05:59
  • 1. General Scripting Rules.mp4
    03:03
  • 2. Zeek's Default Scripts.mp4
    03:17
  • 3. Detailing Zeek's Script Defaults.mp4
    05:04
  • 4. Zeek's Tuning Scripts.mp4
    04:38
  • 5. Optimizing Zeek Through Scripts.mp4
    06:12
  • 1. Zeek Custom Scripting.mp4
    03:23
  • 2. Building a Zeek Script.mp4
    05:05
  • 3. Continuing the Zeek Script.mp4
    04:47
  • 4. Validating the Zeek Script.mp4
    02:17
  • 5. Reviewing Zeek Scripting.mp4
    03:53
  • writing-zeek-rules.zip
  • Description


    Zeek is a customizable, open-source tool that allows you to monitor the network and analyze events within it. This course will teach how to customize it through the use of custom rules, scripts, and policies.

    What You'll Learn?


      Zeek is an event-based network monitoring and analysis tool used to monitor the network and detect potential threats. It enables users to see the traffic going through their networks and respond to it in different ways. Learning how to customize its functionality through the use of rules and scripts can help you use this tool more effectively. In this course, Writing Zeek Rules and Scripts, you will learn all about this tool's frameworks and how to use them to customize the tool. First, you will learn about the various components used with Zeek customization and scripting. Next, you will learn about the default scripts and how to modify them to suit your needs. Finally, you will practice using the frameworks to build the needed functionality for your use cases. When you're finished with this course, you will have the ability to modify Zeek in order to support your desired use cases and environment.

    Joe Abraham, CCIE #62417, is a Network Security Consultant working in the public sector space, helping customers develop and implement functional and secure network architectures. He graduated from Excelsior College with an M.S. in Cybersecurity and a B.S. in Information Technology (Network Management). He currently holds many IT certifications, including CCIE, CISSP, GSEC, and CCNP Security. He is also a member of the GIAC Advisory Board. Joe is a mentor to IT professionals and a blogger who spends his time either with his wife and three children, exercising, researching and writing about technology, or learning new technologies. Having spent much of his career helping to train and educate IT professionals, he is passionate about teaching and always strives to be a positive influence in the IT field.
    Pluralsight, LLC is an American privately held online education company that offers a variety of video training courses for software developers, IT administrators, and creative professionals through its website. Founded in 2004 by Aaron Skonnard, Keith Brown, Fritz Onion, and Bill Williams, the company has its headquarters in Farmington, Utah. As of July 2018, it uses more than 1,400 subject-matter experts as authors, and offers more than 7,000 courses in its catalog. Since first moving its courses online in 2007, the company has expanded, developing a full enterprise platform, and adding skills assessment modules.
    • Language: English
    • Training sessions: 27
    • Duration: 2:06:27
    • Level: average
    • English subtitles: yes
    • Release date: 2023/02/21