Course info
Level: Intermediate
Updated: May 10, 2021
Duration: 2h 6m
Description

Zeek is an event-based network monitoring and analysis tool used to monitor the network and detect potential threats. It lets users see the traffic going through their networks and respond to it in different ways. Learning how to customize its functionality through rules and scripts can help you use this tool more effectively. In this course, Writing Zeek Rules and Scripts, you will learn all about this tool's frameworks and how to use them to customize the tool, as well as how to use the tool itself. First, you will learn about the various components used with Zeek customization and scripting. Next, you will learn about the default scripts and how to modify them to suit your needs. Finally, you will practice using the frameworks to build the needed functionality for your use cases. When you're finished with this course, you will have the ability to modify Zeek in order to support your desired use cases and environment.

About the author

Joe is a Network Consulting Engineer and has worked in the IT industry since 2010. He has experience in teaching and mentoring IT professionals in both DoD environments and in the civilian sector, in both the networking and IT security fields.

Section Introduction Transcripts

Course Overview
Hi everyone. My name is Joe Abraham, and welcome to my course Writing Zeek Rules and Scripts. I'm currently a cybersecurity consultant and a Pluralsight author for both IT operations and security topics. Are you trying to customize your Zeek environment, but don't really know how? Do you need to learn all about the Zeek scripting capabilities and how to write rules? Well, in this course, I'm going to help. I'll walk you through the open source tool and how to write custom scripts to use with it. Some of the major topics that we will cover include illustrating the Zeek signature framework, understanding the logging and notice frameworks, optimizing Zeek scripts, and customizing scripts to extend Zeek's functionality. By the end of this course, you'll know all about Zeek and its scripting capabilities, as well as how to write your own scripts and rules within your environment. Before beginning this course, you should be familiar with basic IT terminology and network functionality, as well as have a solid understanding of the Zeek tool's uses. From here, you should feel comfortable diving further into Zeek scripting and learning more about network and security analysis in general through skill paths and courses at Pluralsight, such as Enterprise Security Monitoring with Open Source Network IDS & IPS. I hope you'll join me on this journey to learn more about this great tool with the Writing Zeek Rules and Scripts course here at Pluralsight.