Zeek is a customizable, open-source tool that allows you to monitor the network and analyze events within it. This course will teach you how to customize it through the use of custom rules, scripts, and policies.
Zeek is an event-based network monitoring and analysis tool used to help monitor the network and detect potential threats. It enables users to see the traffic going through their networks and respond to it in different ways. Learning how to customize its functionality through the use of rules and scripts can help you use this tool more effectively. In this course, Writing Zeek Rules and Scripts, you will learn all about this tool's frameworks and how to use them to customize the tool, as well as how to use the tool itself. First, you will learn about the various components used with Zeek customization and scripting. Next, you will learn about the default scripts and how to modify them to suit your needs. Finally, you will practice using the frameworks to build the needed functionality for your use cases. When you're finished with this course, you will have the ability to modify Zeek in order to support your desired use cases and environment.
Joe is a Network Consulting Engineer and has worked in the IT industry since 2010. He has experience in teaching and mentoring IT professionals in both DoD environments and in the civilian sector, in both the networking and IT security fields.
Course Overview
Hi everyone. My name is Joe Abraham, and welcome to my course Writing Zeek Rules and Scripts. I'm currently a cybersecurity consultant and a Pluralsight author for both IT operations and security topics. Are you trying to customize your Zeek environment, but don't really know how? Do you need to learn all about the Zeek scripting capabilities and how to write rules? Well, in this course, I'm going to help. I'll walk you through the open source tool and how to write custom scripts to use with it. Some of the major topics that we will cover include illustrating the Zeek signature framework, understanding the logging and notice frameworks, optimizing Zeek scripts, and customizing scripts to extend Zeek's functionality. By the end of this course, you'll know all about Zeek and its scripting capabilities, as well as how to write your own scripts and rules within your environment. Before beginning this course, you should be familiar with basic IT terminology and network functionality, as well as have a solid understanding of the Zeek tool's uses. From here, you should feel comfortable diving further into Zeek scripting and learning more about network and security analysis in general through skill paths and courses at Pluralsight, such as Enterprise Security Monitoring with Open Source Network IDS & IPS. I hope you'll join me on this journey to learn more about this great tool with the Writing Zeek Rules and Scripts course here at Pluralsight.