Category: Zeek

Intelstack Threat Feed Is Shut Down. Here’s a New Intel Threat Feed Aggregator for Zeek

Hello everyone, I hope everyone reading this is healthy and safe. Some sad news today: intelstack.com is no more. For those of you who followed my Zeek IDS Installation on Raspberry PI Part 2 blog, intelstack was the heart of the threat intel feed to Zeek. Thankfully, other intrepid users have done some great work…

Tag Country, State and City Information to Zeek Elasticsearch Entries

Hello friends, I hope everyone has been able to stay safe and healthy. I have been adding features to my Zeek and Elasticsearch environments. In this installment I will show how to add custom country, state and city information to your Elasticsearch entries based upon source and destination IP networks. It’s a game changer in…

Zeek IDS Installation on Raspberry PI Part 3

Updated 03-14-2021 – added new beats, golang version, extra warnings. Updated 10-02-2021 – redid screenshots reflecting Elastic 7.15, moved to the Zeek filebeat module and pre-canned reports. Hi folks! It has been a while, thank you for your patience. I have been doing some work in respect to the visualization of Zeek logs. This is a long…

Zeek IDS Installation on Raspberry PI Part 2

Updated 09-06-2021. Welcome back! In the last episode, our intrepid adventurers set up a Raspberry Pi and got Zeek IDS downloaded, compiled and running in a very basic way… But what about some more advanced functions? What can this small box filled with power do beyond reporting packets traversing switches and routers? Changing the…

Zeek IDS Installation on Raspberry PI Part 1

(Originally posted on Peerlyst Aug 20, 2019 – Updated March 3, 2024) Changelog: Changed Raspberry PI from 3B+ to 4. Reinstalled from scratch with Debian Bookworm. Downloaded the source .tar.gz from zeek.org and compiled from source instead of using git, due to a hang in one of the modules. A few months back I purchased a Raspberry…