In this post, we will onboard a Suricata Sensor on Zabbix so we can basic...| #Threat Hunting Tails
One of the most awesome capabilities of Zeek, besides its scriptable nature, is the network...
In recent days, I tried to consume SPAN traffic from an HP Switch that...
By default, Zeek is configured to capture all the network traffic, both IP and Non-IP...
When you deploy your Zeek sensor for the first time, after a while you will...
In the process of Threat Hunting or even as a SOC Analyst, it is crucial...
Continuing my previous post, about ASN Enrichment (https://threathuntingtails.com/zeek-asn-enrichment/), today I will talk about Geolocation Enrichment...
There are times when you get a lot of Zeek Notices that have no value...
Zeek is a powerful tool for monitoring your networks. It has many powerful capabilities, but best of all is the Zeek scripting language, which gives you the capability to extend what you can see, detect and log.| threathuntingtails.com
Prior to version 5.0, Zeek only gave you the capability to enrich your data with the AS Number (Autonomous System Number, https://en.wikipedia.org/wiki/Autonomous_system_(Internet) ) by using the lookup_asn function ( https://docs.zeek.org/en/master/scripts/base/bif/zeek.bif.zeek.html#id-lookup_asn ). But this is not so handy for the analyst, because they still have to look up which organization that number belongs to. With the new version (v5.0) of Zeek, this problem is gone. The look...