Trending

Hands On Training

Writing Zeek Rules and Scripts

Pluralsight

Course Features

Duration

126 minutes

Delivery Method

Online

Available on

Downloadable Courses

Accessibility

Desktop, Laptop

Language

English

Subtitles

English

Level

Intermediate

Teaching Type

Self Paced

Video Content

126 minutes

Course Description

Zeek is an event-based monitoring and analysis tool that helps to monitor networks and identify potential threats. It allows users to monitor traffic through networks and to respond in different ways. This tool can be used more efficiently if you know how to modify its functionality using rules and scripts. This course, Writing Zeek Rules & Scripts, will teach you all about the frameworks of this tool and how to customize it. You'll also learn how to use it. You will first learn about Zeek customization and scripting. Next, you'll learn about the Default scripts as well as how to modify them to your requirements. You will also learn how to use the frameworks to create the functionality you need for your specific use cases. After completing this course, Zeek will be available for you to modify to suit your needs and the environment.

Course Overview

International Faculty

Post Course Interactions

Instructor-Moderated Discussions

Case Studies, Captstone Projects

Skills You Will Gain

What You Will Learn

You will learn all about this tool's frameworks and how to use them to customize the tool, as well as how to use it

First, you will learn about the various components used with Zeek customization and scripting

Next, you will learn about the Default scripts and how to modify them to suit your needs

Finally, you will practice using the frameworks to build the needed functionality for your use cases

When you're finished with this course, you will have the ability to modify Zeek in order to support your desired use cases and environment

Course Content

Expand all sections

Module 1: Illustrating the Zeek Signature Framework

Module 2: Managing Events with the Logging and Notice Frameworks

Module 3: Breaking Down the Scripting Basics

Module 4: Optimizing Zeek Default Scripts

Course Instructors

Joe Abraham

Instructor

Joe Abraham, CCIE #62417, is a Network Security Consultant working in the public sector space, assisting customers develop and implement functional and secure network architectures. He graduated from...