Learning Zeek

Published 2020-03-29, updated 2020-04-25. Source: https://secognition.com/?p=48

I've been fascinated by Network Intrusion Detection Systems (NIDS) for ages. I love that a port on a switch can mirror all traffic coming into other (or all) ports and make that traffic available for inspection. Back in the day I used to deploy ISS (now IBM) IDS devices in corporate networks. At the core they were beefy server-class devices with plenty of compute power that could barely keep up with a gigabit of traffic, running proprietary software and signature-based detection engines to report any suspicious patterns.

These days there are many open source solutions that can do, on a budget, what those servers did back then. I've been running Zeek for the last year on a Raspberry Pi form factor and wrote up how to install the basics and get it reporting locally.

I hope this can help some folks on their security journey, and that they discover the same fun I had scanning through packets and finding adversaries.

https://www.peerlyst.com/posts/zeek-ids-installation-on-raspberry-pi-part-1-david-lagace-cissp-cism-pmp