Starting with Zeek
Lately, I have been working on an open-source Network Detection and Response (NDR) system called Zeek, formerly known as Bro.
Zeek generates detailed logs of network activity in tab-separated or JSON format, covering HTTP sessions, DNS requests, SSL certificates, SMTP sessions, and more. It ships with built-in malware detection, software vulnerability reporting, and SSL certificate validation, and its Turing-complete scripting language allows custom traffic analysis. Zeek handles high-speed networks through scalable load balancing and cluster deployments managed by ZeekControl, all on commodity hardware. That makes it cost-effective and well suited to producing high-fidelity network logs, which distinguishes it from signature-based IDSs such as Suricata and from protocol analyzers such as Wireshark.
Zeek works in two ways: as a real-time sensor that monitors live traffic, or as an offline analyzer of pcap captures. It is highly regarded for the detail of its logs and analysis, and as a Network Detection and Response (NDR) tool it excels at turning raw traffic into actionable intelligence.
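Since the post mentions Zeek's tab-separated logs and custom analysis, here is an added example (not Zeek's own code, nor the author's) that parses Zeek's TSV log format from its `#` header lines and runs a simple defender heuristic over the records. The dns.log lines, uids and addresses are constructed, and the `#fields` list is trimmed compared with a real Zeek dns.log.

```python
# Added example, not Zeek's own code: parse Zeek's tab-separated log format and
# run a detection over the records. The dns.log below is constructed with a
# trimmed #fields list; real Zeek logs carry more columns.
LONG_LABEL = "4d5a90000300000004000000ffff0000b8000000000000004000000000000000"
SAMPLE_DNS_LOG = "\n".join([
    "#separator \\x09",  # Zeek writes the separator as an escape, after a space
    "#set_separator\t,",
    "#empty_field\t(empty)",
    "#unset_field\t-",
    "#fields\tts\tuid\tid.orig_h\tid.resp_p\tquery\tqtype_name\tanswers\trejected",
    "#types\ttime\tstring\taddr\tport\tstring\tstring\tvector[string]\tbool",
    "1700000000.100000\tCAbc1\t10.0.0.5\t53\twww.example.com\tA\t93.184.216.34\tF",
    "1700000001.200000\tCAbc2\t10.0.0.5\t53\t-\tTXT\t-\tT",
    f"1700000002.300000\tCAbc3\t10.0.0.9\t53\t{LONG_LABEL}.t.example.net\tTXT\t(empty)\tF",
])
# Scalar Zeek types that need casting; string, addr, enum, subnet stay as text.
CASTS = {"time": float, "interval": float, "double": float, "count": int,
         "int": int, "port": int, "bool": lambda s: s == "T"}

def _convert(raw, ztype, opts):
    """Map one raw column to a Python value according to its #types entry."""
    if raw == opts["unset_field"]:
        return None
    if ztype.startswith(("vector[", "set[")):  # containers split on set_separator
        inner = ztype[ztype.index("[") + 1:-1]
        return [] if raw == opts["empty_field"] else [_convert(v, inner, opts) for v in raw.split(opts["set_separator"])]
    return "" if raw == opts["empty_field"] else CASTS.get(ztype, str)(raw)

def parse_zeek_tsv(text):
    """Yield one dict per record, honouring the #separator/#fields/#types headers."""
    sep, fields, types = "\t", [], []
    opts = {"set_separator": ",", "empty_field": "(empty)", "unset_field": "-"}
    for line in text.splitlines():
        if line.startswith("#separator "):  # value is an escape such as \x09
            sep = line[len("#separator "):].encode("ascii").decode("unicode_escape")
        elif line.startswith("#"):  # other headers use the separator itself
            key, _, value = line[1:].partition(sep)
            if key == "fields":
                fields = value.split(sep)
            elif key == "types":
                types = value.split(sep)
            elif key in opts:
                opts[key] = value
        elif line:
            yield {f: _convert(v, t, opts) for f, v, t in zip(fields, line.split(sep), types)}

def flag_long_labels(records, max_label_len=40):
    """Defender heuristic: an unusually long DNS label often indicates tunnelling."""
    return [(r["uid"], r["id.orig_h"], r["query"]) for r in records
            if r.get("query") and max(map(len, r["query"].split("."))) > max_label_len]
```

Calling `flag_long_labels(parse_zeek_tsv(SAMPLE_DNS_LOG))` returns the uid, source host and query of the third record only; the same parser works unchanged on any Zeek TSV log because the column names and types come from the file's own headers.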
To learn how to install Zeek, check out this documentation: