an email newsletter released every 3 weeks highlighting the latest articles, events, technical inquiries, and voices from the community
Has anyone ever labeled individual records in Zeek logs for attacks/exploits? If so, how did they do it?
Zeek, formerly known as the Bro Network Security Monitor, is a widely used open-source network security monitoring and intrusion detection platform. The inquirer needed a way to decide whether each individual record in a Zeek log should be marked as anomalous, on the assumption that known attacks are the anomalies. Specifically, they were looking for approaches that automatically label network events or sessions in Zeek logs by matching them against the time windows and IP addresses of known attacks. CSIAC subject matter experts (SMEs) provided open-source research to the inquirer and also posted the technical inquiry publicly to solicit responses from the membership. We then consolidated, organized, and analyzed 10 community responses before forwarding the synthesized set of viable solutions to the inquirer.
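The labeling approach the inquiry describes, matching each log record against the time window and IP address of a known attack, is straightforward to implement against Zeek's default TSV log format. The following is an added example written for this summary; it is not code from the inquiry, from CSIAC, or from the Zeek project. The conn.log sample and the list of known attacks are constructed for illustration, and the field names used (`ts`, `id.orig_h`, `id.resp_h`) are Zeek's standard conn.log columns.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample of a Zeek conn.log in the default TSV format (not a real capture).
# Zeek writes tab-separated data lines preceded by '#'-prefixed header lines; the
# '#fields' line gives the column names used below.
SAMPLE_CONN_LOG = (
    "#separator \\x09\n"
    "#set_separator\t,\n"
    "#empty_field\t(empty)\n"
    "#unset_field\t-\n"
    "#path\tconn\n"
    "#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto\tservice\tduration\torig_bytes\tresp_bytes\tconn_state\n"
    "#types\ttime\tstring\taddr\tport\taddr\tport\tenum\tstring\tinterval\tcount\tcount\tstring\n"
    "1609459200.100000\tCAbc1\t10.0.0.5\t51000\t192.168.1.10\t22\ttcp\tssh\t0.5\t100\t200\tSF\n"
    "1609459260.000000\tCAbc2\t10.0.0.7\t51001\t192.168.1.10\t80\ttcp\thttp\t1.2\t300\t900\tSF\n"
    "1609459300.000000\tCAbc3\t10.0.0.5\t51002\t192.168.1.20\t445\ttcp\t-\t-\t-\t-\tS0\n"
    "1609462800.000000\tCAbc4\t10.0.0.5\t51003\t192.168.1.10\t22\ttcp\tssh\t0.4\t100\t200\tSF\n"
    "#close\t2021-01-01-01-00-00\n"
)


@dataclass(frozen=True)
class KnownAttack:
    """One ground-truth attack: a label, the attacker's IP, and an inclusive time window
    in epoch seconds (the same unit as Zeek's ts column)."""
    label: str
    attacker_ip: str
    start_ts: float
    end_ts: float


# Constructed ground truth for the sample above (hypothetical attack, not a real event).
KNOWN_ATTACKS = [
    KnownAttack("ssh-bruteforce", "10.0.0.5", 1609459200.0, 1609459500.0),
]


def parse_conn_log(text: str) -> List[Dict[str, str]]:
    """Parse Zeek TSV log text into one dict per data record, keyed by the #fields names."""
    fields: Optional[List[str]] = None
    records: List[Dict[str, str]] = []
    for line in text.splitlines():
        if not line:
            continue
        if line.startswith("#fields"):
            fields = line.split("\t")[1:]
            continue
        if line.startswith("#"):
            continue  # other header/footer lines (#separator, #types, #close, ...)
        if fields is None:
            raise ValueError("data line encountered before #fields header")
        values = line.split("\t")
        if len(values) != len(fields):
            raise ValueError(f"expected {len(fields)} columns, got {len(values)}: {line!r}")
        records.append(dict(zip(fields, values)))
    return records


def label_record(rec: Dict[str, str], attacks: List[KnownAttack]) -> Optional[str]:
    """Return the attack label if the record's timestamp falls inside a known attack's
    window and the attacker IP is either endpoint of the connection; otherwise None."""
    if rec.get("ts", "-") == "-":
        return None  # unset timestamp cannot be placed in any window
    ts = float(rec["ts"])
    hosts = {rec.get("id.orig_h"), rec.get("id.resp_h")}
    for attack in attacks:
        if attack.attacker_ip in hosts and attack.start_ts <= ts <= attack.end_ts:
            return attack.label
    return None


def label_conn_log(text: str, attacks: List[KnownAttack]) -> List[Dict[str, object]]:
    """Parse a conn.log and append two label columns: attack_label and is_anomaly (0/1)."""
    labeled: List[Dict[str, object]] = []
    for rec in parse_conn_log(text):
        label = label_record(rec, attacks)
        labeled.append({**rec, "attack_label": label or "benign", "is_anomaly": int(label is not None)})
    return labeled


if __name__ == "__main__":
    for row in label_conn_log(SAMPLE_CONN_LOG, KNOWN_ATTACKS):
        print(row["uid"], row["id.orig_h"], row["id.resp_h"], row["attack_label"])
```

Matching on attacker IP plus time window is the coarse labeling the inquiry asks about, and it has a known limitation worth keeping in mind when the result is used as training or evaluation data: every connection involving that host inside the window is labeled as the attack, including any benign traffic the same host generated at the time, while attack traffic from IPs missing from the ground-truth list is labeled benign. Narrowing the match with the destination port or service column, or joining on Zeek's `uid` against notice.log or a signature log where available, reduces that noise.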