Writing Zeek Rules and Scripts

سرفصل های دوره

Zeek is a customizable, open-source tool that allows you to monitor the network and analyze events within it. This course will teach how to customize it through the use of custom rules, scripts, and policies.

1 - Course Overview

1. Course Overview

2 - Illustrating the Zeek Signature Framework

1. Scripting with Zeek

2. The Zeek System Workflow

3. Learning the Zeek Signature Language

4. Configuring Zeek's Signature Detection

5. Validating the Detection

3 - Managing Events with the Logging and Notice Frameworks

1. Learning About Zeek Logging

2. Formatting Zeek Logs

3. Using the Zeek Logging Framework

4. Practicing with the Logging Framework

5. Interacting with the Zeek Notice Framework

6. Practicing with the Notice Framework

4 - Breaking Down the Scripting Basics

1. Understanding a Zeek Script

2. Event Queue and Handlers

3. Data Types and Structures

4. The Script Options

5. Breaking down the Zeek Scripts

5 - Optimizing Zeek Default Scripts

1. General Scripting Rules

2. Zeek's Default Scripts

3. Detailing Zeek's Script Defaults

4. Zeek's Tuning Scripts

5. Optimizing Zeek Through Scripts

6 - Customizing Scripts to Extend Zeek Functionality

1. Zeek Custom Scripting

2. Building a Zeek Script

3. Continuing the Zeek Script

4. Validating the Zeek Script

5. Reviewing Zeek Scripting

Exercise Files

writing-zeek-rules.zip

179,000 تومان

افزودن به سبد خرید

خرید دانلودی فوری

در این روش نیاز به افزودن محصول به سبد خرید و تکمیل اطلاعات نیست و شما پس از وارد کردن ایمیل خود و طی کردن مراحل پرداخت لینک های دریافت محصولات را در ایمیل خود دریافت خواهید کرد.

تولید کننده: PluralSight