Extensions, Frameworks, & Integrations Used with Zeek

Zeek is a customizable, open-source tool that allows you to monitor the network and analyze events within it. This course will teach you how to integrate it with other tools such as Security Onion, Elasticsearch, and Arkime.
Course info
Level
Intermediate
Updated
Aug 24, 2021
Duration
2h 22m
Description

Zeek is an event-based network monitoring and analysis tool used to help monitor the network and detect potential threats. It enables users to see the traffic going through their networks and respond to it in different ways. Additional packages and integrations give it more capabilities and allow organizations to expand its use. In this course, Extensions, Frameworks, & Integrations Used with Zeek, you will learn all about this tool's frameworks and integrations. First, you will learn about the various extensions, integrations, and packages to be used with Zeek. Next, you will learn about how Zeek integrates with tools such as Security Onion, Arkime, Elasticsearch, and RockNSM. Finally, you will use file carving and metadata to analyze Zeek data streams, and the intelligence framework to add context and intelligence to them. When you're finished with this course, you will have the ability to modify Zeek and integrate it with other tools in order to support your desired use cases and environment.

About the author

Joe is a Network Consulting Engineer and has worked in the IT industry since 2010. He has experience in teaching and mentoring IT professionals in both DoD environments and in the civilian sector, in both the networking and IT security fields.

More from the author
Writing Zeek Rules and Scripts
Intermediate
2h 6m
May 10, 2021
Section Introduction Transcripts

Course Overview
Hi everyone. My name is Joe Abraham, and welcome to my course, Extensions, Frameworks, and Integrations Used with Zeek. I'm currently a cybersecurity consultant and a Pluralsight course author for both IT operations and security topics. Are you trying to integrate Zeek with your other cyber operations tools? Do you need to learn all about the Zeek extensions, capabilities, and integrations that are possible? Well, in this course I'm going to help. I'll walk you through the open source tool and how it can be used within your environment to complement other tools. Some of the major topics that we will cover include identifying Zeek integrations, deploying Zeek in prebuilt platforms, enhancing Zeek logs using the Elastic Stack, and using intelligence with Zeek. By the end of this course, you'll know all about Zeek and its integration capabilities, as well as understand your options for deploying it with other tools in your environment. Before beginning this course, you should be familiar with basic IT terminology and network functionality, as well as have a solid understanding of Zeek's uses. From here, you should feel comfortable diving further into Zeek and learning more about network and security analysis in general through skill paths and courses at Pluralsight, such as Enterprise Security Monitoring with Open Source Network IDS & IPS. I hope you'll join me on this journey to learn more about this great tool with the Extensions, Frameworks, and Integrations Used with Zeek course, here at Pluralsight.