Corelight's Introductory Guide to Threat Hunting with Zeek (Bro) Logs

If you’re considering or new to Corelight and Zeek (formerly known as Bro), this guide will help you as part of a proof of concept for an initial deployment.  The guide consists of analysts questions that help demonstrate usage of the data Zeek provides, and the value of a data-centric approach for Network Security Monitoring (NSM).  Questions are organized by the location of instrumentation in the network. Additionally, several threat hunting concepts are described to help deepen knowledge, especially for teams new to the practice. This guide will deepen your knowledge of threat hunting best practices and prepare you for a proof of concept. It demonstrates the benefits of a...

If you’re considering or new to Corelight and Zeek (formerly known as Bro), this guide will help you as part of a proof of concept for an initial deployment. 

The guide consists of analysts questions that help demonstrate usage of the data Zeek provides, and the value of a data-centric approach for Network Security Monitoring (NSM). 

Questions are organized by the location of instrumentation in the network. Additionally, several threat hunting concepts are described to help deepen knowledge, especially for teams new to the practice.

This guide will deepen your knowledge of threat hunting best practices and prepare you for a proof of concept. It demonstrates the benefits of a data-centric approach to network detection and response powered by Zeek.

Read more...