Did you know Cybrary has FREE video training? Join more than 2,500,000 IT and cyber security professionals, students, career changers, and more, growing their careers on Cybrary.
The goal of this course is to provide you with an introduction to Zeek (formerly Bro) the application and the programming language. While the logs Zeek produces natively can be extremely useful, its full value is realized through its scripting interface. To help you get up to speed quickly with the tool and the language this course focuses on explaining and demonstrating many of the core concepts critical to network security analysis.
Bricata supplies network security solutions that deliver innovative next generation intrusion prevention, advanced threat detection and analysis, and threat hunting to enable large organizations to actively pursue and identify advanced, persistent, and coordinated attacks. What is Zeek Scripting? Zeek (formerly Bro) includes an event-driven scripting language that provides the primary means for an organization to extend and customize Zeek's functionality. Virtually all of the output generated by Zeek is, in fact, generated by Zeek scripts. It's almost easier to consider Zeek to be an entity behind-the-scenes processing connections and generating events while Zeek's scripting language is the medium through which we mere mortals can achieve communication. Zeek scripts effectively notify Zeek that should there be an event of a type we define, then let us have the information about the connection so we can perform some function on it. What is Bricata? A specialized component-based approach to today's attacks has left organizations with a stack of tools to manage that provide a patchwork of uncorrelated data, leaving penetrable gaps and inconsistent security policies. The Bricata platform provides organizations with process automation, streamlining operations with the most effective, affordable solution for situational awareness and proactive threat defense, reducing complexity, dwell time, and time to containment. Bricata's appliances offer a high-efficiency solution delivering innovative next generation, full feature intrusion prevention, advanced threat detection and analytics, and threat hunting. This is the only platform that integrates signature inspection, anomaly detection, and malware conviction engine, with all three engines sharing the workload and expanding the scope and accuracy of attacks. Bricata's high-performance MX and GX hardware platforms provide the power necessary to provide visibility into high speed networks, while Bricata's VGX virtual appliances provide the flexibility and ease of deployment necessary for today's networks.