Hi,
as per the Zeek documentation:
"Zeek is not a classic signature-based intrusion detection system (IDS); while it supports such standard functionality as well, Zeek’s scripting language facilitates a much broader spectrum of very different approaches to finding malicious activity. These include semantic misuse detection, anomaly detection, and behavioral analysis."
How exactly is anomaly detection being used, with respect to the following points?
1. Which types of attacks does Zeek handle using anomaly detection?
2. What anomaly detection techniques are used by Zeek?
3. What are the specific scripts that use these techniques for detection?
Also, there is one more concern about the use of Zeek as an IDS: previously there was a Bro script to detect SYN floods in Bro 1.5.3, which is not available in the current version. So why was it discontinued?
Thanks
Zeya Umayya
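As an added illustration (this is neither the old Bro 1.5.3 script nor part of the question above), here is how threshold-based anomaly detection for a SYN flood can be written against the SumStats framework in current Zeek: count TCP connections per responder host that never got past the originator's SYN, and raise a notice when the per-epoch sum crosses a baseline. The module name, stream name, notice type and the threshold of 100 unanswered SYNs per minute are assumptions chosen for the example.

```zeek
# Added example, not Zeek's own script: threshold anomaly detection for
# SYN floods on top of SumStats. Names and thresholds are assumptions.

@load base/frameworks/sumstats
@load base/frameworks/notice

module SynFloodExample;

export {
	redef enum Notice::Type += {
		## Raised when one host receives more unanswered TCP SYNs
		## than syn_threshold within one epoch.
		SYN_Flood
	};

	## Unanswered SYNs per responder per epoch that count as anomalous.
	## Assumed value; tune it to the monitored network's baseline.
	const syn_threshold = 100.0 &redef;

	## Measurement window for the sum.
	const epoch = 1min &redef;
}

event zeek_init()
	{
	# One reducer that sums observations per key (the responder host).
	local r1 = SumStats::Reducer($stream="synflood.unanswered_syn",
	                             $apply=set(SumStats::SUM));

	SumStats::create([$name="synflood-per-responder",
	                  $epoch=epoch,
	                  $reducers=set(r1),
	                  # Value compared against $threshold after each observation.
	                  $threshold_val(key: SumStats::Key, result: SumStats::Result) =
	                  	{
	                  	return result["synflood.unanswered_syn"]$sum;
	                  	},
	                  $threshold=syn_threshold,
	                  $threshold_crossed(key: SumStats::Key, result: SumStats::Result) =
	                  	{
	                  	local n = result["synflood.unanswered_syn"]$sum;
	                  	NOTICE([$note=SYN_Flood,
	                  	        $src=key$host,
	                  	        $msg=fmt("%s received %.0f unanswered SYNs within %s",
	                  	                 key$host, n, epoch),
	                  	        # Same identifier => repeat notices for this host are
	                  	        # suppressed for Notice::default_suppression_interval.
	                  	        $identifier=cat(key$host)]);
	                  	}]);
	}

# Runs when Zeek expires a connection from its state table. A TCP
# connection whose history is exactly "S" saw only an originator SYN and
# never a SYN-ACK or RST, which is what a flood of spoofed SYNs leaves behind.
event connection_state_remove(c: connection)
	{
	if ( get_port_transport_proto(c$id$resp_p) != tcp )
		return;

	if ( c$history == "S" )
		SumStats::observe("synflood.unanswered_syn",
		                  [$host=c$id$resp_h],
		                  [$num=1]);
	}
```

Load it from local.zeek or run it against a capture with `zeek -r capture.pcap synflood_example.zeek` and watch notice.log for SYN_Flood. The `c$history == "S"` test is a deliberately simple anomaly signal; it keys on the responder, so a distributed flood from many spoofed sources still sums into one counter, while a single scanner probing many closed ports on one host would also trip it and needs a separate per-originator measurement if you want to tell the two apart.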