5/27/2023

Pcap analysis tools

Zeek offers a new way to start your packet analysis

Network + security management is hard work. Companies have a number of detection and automation tools at their disposal, but when analysts need to get involved, having access to the raw packet captures saves analysts valuable time and helps them accomplish the goal of netsec ops: protecting the business.

Zeek (formerly Bro) is a powerful tool trusted by networking and cybersecurity experts for analyzing network traffic through high-level, organized logs. Fundamentally, Zeek turns raw network traffic into comprehensive metadata logs. This means Zeek is an excellent place for analysts to start investigations. In this article, you’ll learn what Zeek is, how to best use it when analyzing packet data, and how CloudShark’s Zeek Logs analysis tool makes it simple to drill down to the data you need for your whole team to solve network security problems.

By default, it knows about a lot of network behaviors, including connections, network services, applications, protocols, files, hosts, and more. These logs act as a summary of all of the network activity, broken down into many different categories.

When used on live traffic, Zeek sits quietly on a sensor and passively analyzes the packets as they go by, creating logs that are sent to a centralized SIEM. Many applications built for monitoring and threat-hunting use Zeek as their core.

Zeek doesn’t only operate passively on live network traffic. Zeek can take pre-recorded pcap files and provide a broad, high-level overview of the traffic saved in the capture. When used for specific incident analysis, its job is to narrow down the traffic you’re interested in without having to sift through mountains of network data. It’s very good at this, and fast - Zeek doesn’t go to the same depth as a full decoder, so it’s able to build its logs quickly.

Zeek typically is run as a command-line program in Linux. With all of the default logs Zeek can create, plus the ability to add your own through its package manager, it automatically does a lot of the heavy lifting of network analysis in milliseconds.
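Zeek's logs are plain tab-separated files with a self-describing header, so an analyst can reduce a conn.log to the connections worth looking at without any Zeek tooling on the analysis box. The following Python is an added example, not code from this post or from Zeek or CloudShark; the conn.log lines are constructed, and the field names follow Zeek's standard conn.log schema:

```python
from collections import defaultdict
# Constructed sample conn.log in Zeek's TSV format (abbreviated header/fields).
SAMPLE_CONN_LOG = (
    "#separator \\x09\n"
    "#empty_field\t(empty)\n"
    "#unset_field\t-\n"
    "#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto"
    "\tservice\torig_bytes\tresp_bytes\tconn_state\n"
    "1685145600.1\tC1\t10.0.0.5\t51234\t93.184.216.34\t443\ttcp\tssl\t1200\t54000\tSF\n"
    "1685145601.2\tC2\t10.0.0.5\t51235\t93.184.216.34\t80\ttcp\thttp\t300\t1500\tSF\n"
    "1685145602.3\tC3\t10.0.0.7\t53211\t10.0.0.1\t53\tudp\tdns\t60\t120\tSF\n"
    "1685145603.4\tC4\t10.0.0.9\t40000\t198.51.100.7\t4444\ttcp\t-\t-\t-\tS0\n"
    "#close\t2023-05-27-00-00-04\n"
)

def parse_zeek_log(text):
    """Yield one dict per record keyed by the #fields names; '-' -> None, '(empty)' -> ''."""
    hdr = {"separator": "\t", "unset_field": "-", "empty_field": "(empty)"}
    fields = None
    for line in text.splitlines():
        if line.startswith("#separator "):  # Zeek writes this one as '\x09'
            hdr["separator"] = line[11:].encode().decode("unicode_escape")
        elif line.startswith("#"):  # other header lines use the separator
            key, _, value = line[1:].partition(hdr["separator"])
            if key == "fields":
                fields = value.split(hdr["separator"])
            elif key in hdr:
                hdr[key] = value
        elif line:
            if fields is None:
                raise ValueError("data row before #fields header")
            values = line.split(hdr["separator"])
            if len(values) != len(fields):
                raise ValueError(f"expected {len(fields)} fields, got {len(values)}")
            markers = {hdr["unset_field"]: None, hdr["empty_field"]: ""}
            yield {f: markers.get(v, v) for f, v in zip(fields, values)}

def summarize_by_service(text):
    """Connection count and total bytes per service; unset service -> 'unknown'."""
    out = defaultdict(lambda: {"conns": 0, "bytes": 0})
    for rec in parse_zeek_log(text):
        svc = rec["service"] or "unknown"
        out[svc]["conns"] += 1
        out[svc]["bytes"] += sum(int(rec[k] or 0) for k in ("orig_bytes", "resp_bytes"))
    return dict(out)

def unanswered_connections(text):
    """(orig_h, resp_h, resp_p) of attempts that got no reply (conn_state S0)."""
    return [(r["id.orig_h"], r["id.resp_h"], r["id.resp_p"])
            for r in parse_zeek_log(text) if r["conn_state"] == "S0"]
```

The same two functions work unchanged on a real conn.log written by `zeek -r capture.pcap`, since the header block tells the parser which separator and placeholder markers were used.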