Utilizing Zeek 4 in an Enterprise Environment or for Distributed Operations
Zeek is an open-source network security monitoring (NSM) tool. This course will teach you how to deploy Zeek at scale and how to use Zeek data for continuous monitoring, threat hunting, and incident response.
What you'll learn
Cybersecurity professionals are tasked with defending networks against malicious attackers who are becoming more sophisticated and harder to detect. In this course, Utilizing Zeek 4 in an Enterprise Environment or for Distributed Operations, you'll learn how to deploy this tool to support network security operations. First, you’ll explore how to design a Zeek deployment for Enterprise Monitoring. Next, you’ll discover how Zeek can support Continuous Monitoring. Finally, you’ll learn how to use Zeek for Threat Hunting and Incident Response. When you’re finished with this course, you’ll have the skills and knowledge of using Zeek to rapidly identify indicators of compromise, security control deviations, and to actively pursue adversarial threats on a network.
Table of contents
- Version Check 0m
- Configuring a Zeek Management Host 2m
- Demo: Configuring a Zeek Management Host 2m
- Developing a Sensor Strategy 3m
- Connecting Zeek Workers to the Management Host 2m
- Demo: Connecting Zeek Workers to the Management Host 8m
- Working with the Filebeat Agent 2m
- Shipping Zeek Data to a SIEM (ELK) 6m
About the author
Michael Edie, aka “the mechanic,” is a 23-year US Army Veteran and Information Security Engineer. He currently serves as a Technical Lead in a Cyber Operations Organization and President of the Augusta Information Systems Security Association (ISSA) chapter. Previously, he has served on Digital Forensics and Incident Response (DFIR), threat hunt, and compliance inspection teams. Michael is passionate about Information Security and enjoys contributing to the community through his blog at https://... more