If you’re considering or new to Corelight and Zeek (formerly known as Bro), this guide will help you as part of a proof of concept for an initial deployment.
The guide consists of analyst questions that show how to use the data Zeek provides, and the value of a data-centric approach to Network Security Monitoring (NSM).
Questions are organized by the location of instrumentation in the network. Additionally, several threat hunting concepts are described to help deepen knowledge, especially for teams new to the practice.
This guide will deepen your knowledge of threat hunting best practices and prepare you for a proof of concept. It demonstrates the benefits of a data-centric approach to network detection and response powered by Zeek.
Has your network been breached? Would you know if it had been? Many breaches are discovered weeks, months, or years after they have happened, even with the most diligent security teams. Network breaches may be inevitable, but disaster is not. With...
Through the ATT&CK framework, MITRE has generated a gold mine of information about the most important tactics and techniques used by attackers and how the blue team can detect and prevent these actions. Blocking atomic attack indicators such as...
Not all data derived from network traffic is created equal. Many organisations today are stuck between the overwhelming and unwieldy firehose of PCAP, and sticking piecemeal logs together from a variety of sources—neither of which provides a...
The most advanced security teams rely on network traffic as a fundamental data source, ground truth for security investigations, but encryption has made certain aspects of that truth increasingly difficult to obtain. Decrypting the traffic would...
It’s apparent to anyone in the field that cybersecurity problems are getting worse, not better. All large organizations have found themselves compromised at one point. And often attacks go undetected for months or even years. This is why so many...