What are possible solutions for labeling independent Zeek logs for attacks and exploits?

Source: DoD, https://media.defense.gov/2017/May/17/2001794522/-1/-1/0/170502-F-SH665-087.JPG

Posted: April 7, 2022

Deadline: April 16, 2022

The Cybersecurity and Information Systems Information Analysis Center (CSIAC) is seeking possible solutions to automatically label network events/sessions based on time and IP addresses of known attacks using Zeek logs. Documentation, potential points of contact (POCs), further insights, or any solutions would be greatly appreciated.

There is extensive documentation of prior cyber events, and machine-learning approaches use that data to classify attack versus non-attack traffic. What are the different ways this has been accomplished? The DoD inquirer is considering the use of Zeek logs for this purpose and wants to identify whether others have done anything similar.
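To illustrate the time-and-IP labeling the inquiry describes, the following Python is an added example, not part of the CSIAC request or any solution submitted to it; it assumes Zeek's default TSV conn.log layout, and the sample records and the attack window are constructed values.

```python
"""Label Zeek conn.log sessions by matching time window and IP against known attacks."""
from dataclasses import dataclass

# Constructed conn.log excerpt in Zeek's default TSV layout (headers plus three records).
SAMPLE_CONN_LOG = """#separator \\x09
#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto
#types\ttime\tstring\taddr\tport\taddr\tport\tenum
1649300000.123456\tCabc1\t10.0.0.5\t51234\t10.0.0.20\t22\ttcp
1649300300.500000\tCdef2\t192.0.2.77\t40000\t10.0.0.20\t445\ttcp
1649400000.000000\tCghi3\t192.0.2.77\t40001\t10.0.0.21\t80\ttcp
"""

@dataclass(frozen=True)
class AttackWindow:
    """One ground-truth entry: what happened, when (epoch seconds, inclusive), from which IP."""
    label: str
    start: float
    end: float
    attacker_ip: str

# Constructed ground truth; the label, times and IP are hypothetical.
KNOWN_ATTACKS = [
    AttackWindow("smb_exploit", 1649300200.0, 1649300400.0, "192.0.2.77"),
]

def parse_zeek_tsv(text):
    """Yield one dict per data line, keyed by the #fields header; other # lines are skipped."""
    fields = None
    for line in text.splitlines():
        if line.startswith("#fields"):
            fields = line.split("\t")[1:]
        elif line.startswith("#") or not line.strip():
            continue
        elif fields is None:
            raise ValueError("data line before #fields header")
        else:
            yield dict(zip(fields, line.split("\t")))

def label_record(rec, attacks):
    """Return the first attack label whose window covers ts and whose IP is either endpoint."""
    ts = float(rec["ts"])
    for a in attacks:
        if a.start <= ts <= a.end and a.attacker_ip in (rec["id.orig_h"], rec["id.resp_h"]):
            return a.label
    return "benign"

def label_conn_log(text, attacks=KNOWN_ATTACKS):
    """Map each session uid to a label; feed the full conn.log text in practice."""
    return [(rec["uid"], label_record(rec, attacks)) for rec in parse_zeek_tsv(text)]
```

Because the match is only a time window plus an IP, every session involving the attacker IP inside the window receives the label, so a coarse window over-labels; tighten the window or add the target port to the ground truth when it is known.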

If you have any information that fits this request, please provide contact information and relevant details on the DoDTechipedia forum or in an email to Ryan Fowler, the lead analyst, at ryan.fowler@csiac.org.

This inquiry has been completed.

We are no longer soliciting new feedback.
