The domain that loves BSD
Zeek is not an active protective security device, like a firewall or intrusion prevention system. Rather, Zeek runs on a "sensor", a hardware, software, virtual, or cloud platform that quietly and unobtrusively observes network traffic. Zeek interprets what it sees and creates compact, high-fidelity transaction logs.
In this blog post we run some basic queries against the Zeek log files.
But we want a more secure setup than this, so we run Zeek as a normal user. Fortunately this is possible on our favorite operating system!
I wanted more visibility into my network at the application and service level. One insight I am currently missing, for example, is which domains are queried by the systems on my network, and no tool answers that question better than Zeek! Zeek is a network security monitoring platform that generates rich network metadata, which is very valuable for general network troubleshooting, for getting insight into what happens on your network, and even for incident response and forensics!
The SoCruel.NU blog is about FreeBSD, the open source software running on it, and IT security. It is run by Lars Wittebrood. The posts are based on my own experiences and reflect my opinions. This is all made for fun and for the learning experience! And hopefully the posts contribute to the BSD community as well!