Network Security Monitoring (NSM)
This is part of the Zeekurity Zen Zeries on building a Zeek (formerly Bro) network sensor. Overview In our Zeek journey thus far, we’ve: Set up Zeek to monitor some network traffic. Now we’ll introduce the Zeek Package Manager to extend Zeek’s functionality with packages …
Zeek is my favorite network security monitoring platform, and I’ve used it throughout my career. It generates rich network metadata that’s incredibly valuable for incident response, forensics, and general troubleshooting. For most people, the main challenge with using Zeek is in setting it up. While today …
This is part of the Zeekurity Zen Zeries on building a Zeek (formerly Bro) network sensor. Overview In our Zeek journey thus far, we’ve: Set up Zeek to monitor some network traffic. Used Zeek Package Manager to install packages. Now we’ll send our Zeek logs …
This is part of the Zeekurity Zen Zeries on building a Zeek (formerly Bro) network sensor. Overview This guide assumes you’ll be installing Zeek on Ubuntu 22.04 LTS. However, the guide should work for any reasonably recent versions of Ubuntu. Kicking things off, we’ll optimize Ubuntu to …
This is part of the Palo Posts how-to guides for getting the most from your Palo Alto firewall on a home or small business network. Overview I recently attended Palo Alto’s annual Ignite conference for the first time. It was a great experience for learning …
Introduction I’ve spent most of my career defending environments of all sizes. What I’ve found is that the job of a defender is much less flashier and thankless as compared to an “ethical hacker.” While there are volumes of articles, guides, and talks on penetration …