Simple play icon Course

Extensions, Frameworks, & Integrations Used with Zeek

by Joe Abraham

Zeek is a customizable, open-source tool that allows you to monitor the network and analyze events within it. This course will teach how to integrate it with other tools such as Security Onion, Elasticsearch, and Arkime.

What you'll learn

Zeek is an event-based network monitoring and analysis tool used to help monitor the network and detect potential threats. It enables users to see the traffic going through our networks and respond to it in different ways. It can use additional packages and integrations to help provide it more capabilities and allow organizations to expand its use. In this course, Extensions, Frameworks, & Integrations Used with Zeek, you will learn all about this tool's frameworks and integrations. First, you will learn about the various extensions, integrations, and packages to be used with Zeek. Next, you will learn about the how Zeek integrates with tools such as Security Onion, Arkime, Elasticsearch, and RockNSM. Finally, you will use file carving and metadata to analyze Zeek data streams, and the intelligence framework to add additional context and intelligence to it. When you're finished with this course, you will have the ability to modify Zeek and integrate it with other tools in order to support your desired use cases and environment.

About the author

Joe Abraham, CCIE #62417, is a Cybersecurity Architect working in the public sector space, assisting customers develop and implement functional and secure network architectures. He graduated from Excelsior College with an M.S. in Cybersecurity and a B.S. in Information Technology (Network Management). He currently holds many IT certifications to include CCIE, CISSP, GSEC, and CCNP Security. Joe is a mentor to IT professionals and a blogger who spends his time either with his wife and three child... more

Ready to upskill? Get started