Zeekweek2022

Packets don't lie - Threat Hunting with Zeek

Earlier today, I presented a webinar on 'Packets don't lie - Threat Hunting with Zeek.' Thanks to the kind folks at APNIC for initiating the request and starting the email thread. The gist of the presentation was about using Zeek to look for anomalies. Before jumping into Zeek, I introduced Network Security Monitoring. I spoke about conn.log and dns.log and used PCAPs from the Stratosphere IPS Project to demonstrate threat hunting with Zeek.