Packets don’t lie – Threat Hunting with Zeek

Earlier today, I presented a webinar on ‘Packets don’t lie – Threat Hunting with Zeek.

Thanks to the kind folks at APNIC for initiating the request and starting the email thread.

The gist of the presentation was about using Zeek to look for anomalies. Before jumping into Zeek, I introduced Network Security Monitoring. Spoke about conn.log and dns.log and used PCAPs from Stratosphere IPS Project to demonstrate threat hunting with Zeek.

Zeek logs are a great source in the context of threat hunting and Incident Response.

A total of 203 folks had registered for the webinar, and around 55-60 attended. That’s been my experience with online webinars and workshops – many folks will register, but a small fraction attend.

While one hour webinar is a brief period to talk about all-things-zeek, I hope the webinar gives a quick introduction to getting started.

But the most important thing was the interactive Q&A session at the end.

The webinar was recorded and should be available in a few days. I will update the blog post with a link to the recording and the slides.

Also, since I am on the topic of Zeek, ZeekWeek 2022 is an in-person event on October 12th – 14th in Austin, TX.

An excellent line-up of speakers, and the schedule is packed with goodness.