12 Days of Defense - Day 2: How to use Zeek for PCAP Analysis
- Published on 9 Dec 2020
- In this video I walk through how to install and run a packet capture file through Zeek - one of my favorite open source network security monitoring tools!
Zeek - zeek.org
PCAP Sample: malware-traffic-analysis.net/...
===
My SANS Courses:
- SEC450 - Blue Team Fundamentals: sans.org/sec450
- MGT551 - Building and Leading Security Operations Centers: sans.org/mgt551
PDF Guide to Security Operations: www.sans.org/security-resourc...
Blueprint Podcast: sans.org/blueprint-podcast
Twitter: twitter.com/sechubb
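Added worked example (editor's code, not from the video and not part of Zeek itself). Running `zeek -r capture.pcap` in an empty directory writes conn.log and its siblings as tab-separated text whose `#separator`, `#fields` and `#types` header lines describe the columns. The script below parses that format generically and then answers the first questions an analyst asks of conn.log: top originators, bytes sent per originator, which connections were started from outside, and which of those got no reply (conn_state `S0`). The log records and the `LOCAL_NETS` list are constructed assumptions for the example. It also bears on a question in the comments about `id.orig_h`: Zeek's originator is the host that sent the first packet of the connection it saw, so a public address appears in `id.orig_h` only when the outside host initiated.

```python
"""Parse Zeek's TSV conn.log, the file `zeek -r capture.pcap` writes to the
working directory, and answer the first questions an analyst asks of it.
The log below is CONSTRUCTED for this example (not from the video's PCAP);
addresses use RFC 1918 and documentation (TEST-NET) ranges."""
from collections import Counter
from ipaddress import ip_address, ip_network

# What counts as "inside" (same idea as Zeek's Site::local_nets).
# Assumption for the example; set it to your own address space.
LOCAL_NETS = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

_FIELDS = ("ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration "
           "orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes "
           "history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents").split()
_TYPES = ("time string addr port addr port enum string interval count count string "
          "bool bool count string count count count count set[string]").split()
_ROWS = [  # constructed records, one connection each; "-" is Zeek's unset marker
    ("1607515200.123456", "CAbc1", "10.0.0.5", "49152", "203.0.113.10", "80", "tcp", "http",
     "0.512", "300", "5000", "SF", "-", "-", "0", "ShADadFf", "5", "560", "6", "5310", "-"),
    ("1607515201.5", "CAbc2", "10.0.0.5", "49153", "203.0.113.10", "443", "tcp", "ssl",
     "1.2", "1200", "8000", "SF", "-", "-", "0", "ShADadFf", "8", "1600", "9", "8460", "-"),
    ("1607515202.0", "CAbc3", "10.0.0.5", "53412", "10.0.0.1", "53", "udp", "dns",
     "0.01", "40", "120", "SF", "-", "-", "0", "Dd", "1", "68", "1", "148", "-"),
    ("1607515203.0", "CAbc4", "198.51.100.7", "40000", "10.0.0.5", "445", "tcp", "-",
     "-", "-", "-", "S0", "-", "-", "0", "S", "1", "60", "0", "0", "-"),
    ("1607515204.0", "CAbc5", "10.0.0.9", "51000", "203.0.113.20", "4444", "tcp", "-",
     "30.0", "10", "2048", "SF", "-", "-", "0", "ShADadfF", "4", "226", "5", "2300", "(empty)"),
]
_HEADER = ["#separator \\x09", "#set_separator\t,", "#empty_field\t(empty)",
           "#unset_field\t-", "#path\tconn", "#open\t2020-12-09-12-00-00",
           "#fields\t" + "\t".join(_FIELDS), "#types\t" + "\t".join(_TYPES)]
SAMPLE_CONN_LOG = "\n".join(_HEADER + ["\t".join(r) for r in _ROWS]
                            + ["#close\t2020-12-09-12-05-00"]) + "\n"


def _convert(raw, typ, unset, empty, set_sep):
    """Turn one TSV cell into a Python value using the #types declaration."""
    if raw == unset:
        return None
    if typ.startswith(("set[", "vector[")):
        return [] if raw == empty else raw.split(set_sep)
    if raw == empty:
        return ""
    if typ in ("time", "interval", "double"):
        return float(raw)
    if typ in ("count", "int", "port"):
        return int(raw)
    if typ == "bool":
        return raw == "T"
    return raw  # addr, enum, string: keep the text


def parse_zeek_log(text):
    """Parse any Zeek TSV log (conn, dns, http, ...) into a list of dicts.
    The '#' header lines carry the separator, field names and types."""
    sep, set_sep, unset, empty = "\t", ",", "-", "(empty)"
    fields = types = None
    records = []
    for line in text.splitlines():
        if not line:
            continue
        if line.startswith("#"):
            if line.startswith("#separator "):  # value is an escape like \x09
                sep = line[len("#separator "):].encode("ascii").decode("unicode_escape")
                continue
            key, _, value = line[1:].partition(sep)
            if key == "fields":
                fields = value.split(sep)
            elif key == "types":
                types = value.split(sep)
            elif key == "set_separator":
                set_sep = value
            elif key == "unset_field":
                unset = value
            elif key == "empty_field":
                empty = value
            continue
        cells = line.split(sep)
        if fields is None or types is None or len(cells) != len(fields):
            raise ValueError("malformed Zeek log line: %r" % line)  # truncated capture/log
        records.append({f: _convert(c, t, unset, empty, set_sep)
                        for f, t, c in zip(fields, types, cells)})
    return records


def top_talkers(records, n=3):
    """Originators by connection count. id.orig_h is whoever sent the first
    packet Zeek saw, so an outside address shows up here only if it initiated."""
    return Counter(r["id.orig_h"] for r in records).most_common(n)


def bytes_by_originator(records):
    """Payload bytes each originator sent (orig_bytes); unset counts as 0."""
    total = Counter()
    for r in records:
        total[r["id.orig_h"]] += r["orig_bytes"] or 0
    return dict(total)


def external_originators(records, local_nets=LOCAL_NETS):
    """Originators outside local_nets: inbound attempts visible in the capture."""
    return sorted({r["id.orig_h"] for r in records
                   if not any(ip_address(r["id.orig_h"]) in net for net in local_nets)})


def unanswered_inbound(records, local_nets=LOCAL_NETS):
    """uids of externally originated connections with no reply (conn_state S0),
    the usual footprint of a scan or a filtered service."""
    outside = set(external_originators(records, local_nets))
    return [r["uid"] for r in records
            if r["conn_state"] == "S0" and r["id.orig_h"] in outside]


if __name__ == "__main__":
    recs = parse_zeek_log(SAMPLE_CONN_LOG)
    print("connections:", len(recs))
    print("top originators:", top_talkers(recs))
    print("bytes by originator:", bytes_by_originator(recs))
    print("external originators:", external_originators(recs))
    print("unanswered inbound:", unanswered_inbound(recs))
```

Point `parse_zeek_log` at the text of a real conn.log (`open("conn.log").read()`) and the same functions work unchanged; the parser reads the column names and types from the header, so it also handles dns.log, http.log and the rest. Note that `zeek -r` without a site policy runs on the default scripts only, which is enough to produce conn.log; anything that needs your local network definition (such as the `local_orig`/`local_resp` columns) stays unset until you configure `Site::local_nets`.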
Remnux is now on 20.04 so look out fellow future people. Thanks for this John.
Fantastic series. You’re great at explaining, and you’re great at picking relevant topics! Can’t wait for tomorrow’s episode!
Never knew Zeek, would love to see more...Great job John.
Helped me tremendously! Thank you, John.
Clear and concise instructions. Awesome thank you .
Excellent Approach! Super useful!
Learned a lot from the video, thanks for sharing your valuable knowledge with the world!
Dude you saved my freaking life for my lab due tonight, thank you!!!
Thank you for sharing such kind of invaluable info. I appreciate you.
Well crafted video, super easy to follow, and great explanation of each command cheers.
Perfect Explanation ever! Thank you
Thanks, John! Super helpful.
Great videos John!
Again great explanation and good topic.. !!
Perfect Series!
This is amazing stuff
Outstanding explanation
Excellent information.
Thanks man ^^ we are waiting for the next one ;)
Very good content, thanks for sharing.
Helpful tricks and tools, thanks a lot.
As a blue teamer, it's like earmilk. Very, very good.
Thanks for your amazing video. Could you please suggest how to use Python to capture network data through libpcap or WinPcap?
Awesome content... Really appreciated. One question though: why were none of the public IP addresses in the source address column (id.orig_h) in the conn.log? Does that mean no ingress communication took place, or is that just how Zeek records traffic?
Hey John, great information. The puzzle is a bit big across tcpdump, tshark, Zeek, Brim and so on; as a beginner you can't clear the path enough, and what is it that a SOC analyst needs for NTA?
That's great! Thank you very much. Appreciated! How can I generate alerts instead of logs with Zeek?
For that you’ll want some kind of IDS. Suricata is a great free option for that.
Are there any cheat sheets of zeek queries?
But which one is better, Zeek or Wireshark?
Wanna hear a secret, Cap?
You're AWESOME
How do you enable it on Fedora?
10:45 How do you go back and forth between the terminal and the logs? I’m on Windows btw
Nothing fancy, I’m just quitting out of viewing the file with the less command and being taken back to the terminal.
Hey, can we install Zeek in Windows Subsystem for Linux?
I am getting the below error in the last step of the process and I haven't found any source which provides a solution. Please have a look and let me know if there is anything I can do.
"The following packages have unmet dependencies.
zeek-core : Depends: libc6 (< 2.28) but 2.35-0ubuntu3 is to be installed
Depends: libssl1.1 (>= 1.1.0) but it is not installable
E: Unable to correct problems, you have held broken packages. "
Try googling so that you can install from a PPA for your distro.
What is the password to decrypt the file?
Wow he went X-Games mode at the end.