RE: https://infosec.exchange/@zeek/116534356390322075
ICYMI, we've been working on some new community content...
Check out the newsletter for a DNS NOTIFY investigation, dual-format logging, custom Spicy detections, and more!
If you're running Zeek in AWS, be sure to check out Arne's post on Traffic Mirroring, the UDP packet source plugin for VXLAN, and Kafka log forwarding.
AWS provides a feature that allows mirroring your infrastructure's network traffic to a separate system for analysis purposes. This is called AWS Traffic Mirroring. If you'd like to use Zeek's network traffic analysis capabilities in such a cloudy environment, this blog post explains how to do so using the recently published UDP-based packet source plugin…
Zeek (zeek.org)
ICYMI: Seth's walkthrough on JA4 fingerprinting in Zeek covers JA4, JA4S, JA4H, JA4T, JA4SSH, and JA4D with installation and use cases.
Learn how to use JA4 network fingerprinting in Zeek to identify client and server software, detect malware, and track behavior across encrypted connections without requiring decryption. Network fingerprinting helps identify client and server software without decrypting traffic or relying on IP addresses that rotate constantly. JA4, a family of fingerprinting methods released by FoxIO, expands…
Zeek (zeek.org)