Zeek
Overview
Zeek is a free and open-source network analysis framework; it was originally developed in 1994 by Vern Paxson and was named in reference to George Orwell's Big Brother from his novel Nineteen Eighty-Four. It can be used as a network intrusion detection system (NIDS), but it also performs live analysis of network events. It is released under the BSD license.
Event Categories
The following table lists the data sources offered by this integration.

Data Source | Description
---|---
Network intrusion detection system | Zeek signature framework provides this capability
Network protocol analysis | Packet analysis capabilities are available by default
DNS records | DNS queries intercepted by Zeek
Web logs | Zeek captures the HTTP traffic
Configure
Refer to the configuration of Zeek's export to syslog to forward the dns, http and conn logs to Sekoia.io over an rsyslog transport channel. Please consult the Rsyslog Transport documentation for the steps to forward these logs to Sekoia.io.
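The following rsyslog configuration is an added example of that forwarding, not taken from Zeek's or Sekoia.io's documentation. It assumes Zeek writes one JSON record per line (`redef LogAscii::use_json = T;` in local.zeek) under /opt/zeek/logs/current, and the intake host, port and TLS settings are placeholders to be replaced with the values from the Rsyslog Transport documentation.

```conf
# Added example: rsyslog tails Zeek's JSON logs with imfile and forwards them.
# Assumptions: JSON log output enabled in Zeek and the default zeekctl log
# directory /opt/zeek/logs/current (adjust the paths to your install).
global(maxMessageSize="64k")   # Zeek http/dns records can exceed rsyslog's 8k default
module(load="imfile")

# One input per log the integration consumes: dns, http and conn.
input(type="imfile" File="/opt/zeek/logs/current/conn.log" Tag="zeek_conn" Ruleset="zeek")
input(type="imfile" File="/opt/zeek/logs/current/dns.log"  Tag="zeek_dns"  Ruleset="zeek")
input(type="imfile" File="/opt/zeek/logs/current/http.log" Tag="zeek_http" Ruleset="zeek")

# Forward only these inputs. INTAKE_HOST_PLACEHOLDER and the port are placeholders;
# take the real target and TLS parameters from the Rsyslog Transport documentation.
ruleset(name="zeek") {
    action(type="omfwd" target="INTAKE_HOST_PLACEHOLDER" port="514" protocol="tcp"
           queue.type="LinkedList" action.resumeRetryCount="-1")
}
```

zeekctl rotates the files in current/ on a schedule; imfile follows the newly created files, but confirm that the user rsyslog runs as can read that directory.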