Zeekurity Zen – Part III: How to Send Zeek Logs to Splunk

Zeekurity Zen – Part III: How to Send Zeek Logs to Splunk

This is part of the Zeekurity Zen Zeries on building a Zeek (formerly Bro) network sensor. Overview In our Zeek journey thus far, we’ve: Set up Zeek to monitor some network traffic. Used Zeek Package Manager to install packages. Now we’ll send our Zeek logs 

how-to, incident response, information security, network security monitoring
-
by
-
23 Comments
Zeekurity Zen – Part I: How to Install Zeek on CentOS 8

Zeekurity Zen – Part I: How to Install Zeek on CentOS 8

This is part of the Zeekurity Zen Zeries on building a Zeek (formerly Bro) network sensor. Overview This guide assumes you’ll be installing Zeek on CentOS 8, given how popular CentOS tends to be in the enterprise.  However, the guide should work for any RHEL-based 

how-to, incident response, information security, network security monitoring
-
by
-
50 Comments
OSM: Open Security Monitoring

OSM: Open Security Monitoring

Introduction I’ve spent most of my career defending environments of all sizes.  What I’ve found is that the job of a defender is much less flashier and thankless as compared to an “ethical hacker.”  While there are volumes of articles, guides, and talks on penetration 

cool tools, incident response, information security, network security monitoring
-
by
-
0 Comments