Zeek is a free and open-source network analysis framework. It was originally developed in 1994 by Vern Paxson under the name Bro, a reference to Big Brother from George Orwell's novel Nineteen Eighty-Four. It can be used as a network intrusion detection system (NIDS), with the addition of live analysis of network events. It is released under the BSD license.
The following list describes the data sources offered by this integration:

- Zeek signature framework provides this capability
- Packet analysis capabilities are available by default
- DNS queries intercepted by Zeek
- Zeek captures the HTTP traffic
Refer to the configuration of Zeek's export to syslog to forward the dns, http and conn logs to Sekoia.io over an rsyslog transport channel, and consult the Rsyslog Transport documentation for the forwarding setup itself.
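As an added example (not Sekoia.io's or Zeek's own configuration), one way to tail the three logs with rsyslog's imfile module and forward them over TCP. It assumes the default zeekctl log directory /opt/zeek/logs/current, a config file path of /etc/rsyslog.d/zeek.conf, and placeholder collector host and port to be replaced with the values from the Rsyslog Transport documentation.

```conf
# Constructed rsyslog fragment; the file path /etc/rsyslog.d/zeek.conf is an assumption.
# Zeek writes TSV logs by default. Enabling JSON output in site/local.zeek with
#   @load policy/tuning/json-logs
# keeps each record on a single line, which is what a syslog transport needs.
module(load="imfile")

# One input per log the integration consumes. zeekctl rotates these files hourly;
# imfile follows the path, so it picks up the freshly created file after rotation.
input(type="imfile"
      File="/opt/zeek/logs/current/conn.log"
      Tag="zeek_conn:"
      Ruleset="zeek_to_sekoia")
input(type="imfile"
      File="/opt/zeek/logs/current/dns.log"
      Tag="zeek_dns:"
      Ruleset="zeek_to_sekoia")
input(type="imfile"
      File="/opt/zeek/logs/current/http.log"
      Tag="zeek_http:"
      Ruleset="zeek_to_sekoia")

# A dedicated ruleset keeps Zeek events out of the host's local syslog files
# and ships them unchanged. COLLECTOR_HOST and COLLECTOR_PORT are placeholders.
# The in-memory queue and unlimited retries buffer events while the collector
# is unreachable instead of dropping them.
ruleset(name="zeek_to_sekoia") {
    action(type="omfwd"
           Target="COLLECTOR_HOST"
           Port="COLLECTOR_PORT"
           Protocol="tcp"
           queue.type="LinkedList"
           queue.size="100000"
           action.resumeRetryCount="-1")
}
```

Validate the fragment with `rsyslogd -N1` before restarting the daemon, and confirm on the receiving side that the zeek_conn, zeek_dns and zeek_http tags arrive as three distinct streams.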