Hello, I’m Elizabeth. Currently, I’m engaged in a research project that focuses on utilizing Python scripting for automated Zeek rule writing. I would appreciate any suggestions you may have on how I can effectively assess and quantify my metrics.
Can you explain what you mean by Zeek rules? Are you thinking of Zeek like it’s an IDS similar to Suricata, perhaps?
Yes, it is an IDS tool that is similar to Suricata.
I’m afraid Zeek is not like Suricata. You do not write “rules” for Zeek. Zeek is not an IDS engine.
Edited to add:
The “about” section of our docs might help clarify:
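To illustrate the point made above, here is an added example that is not part of the original thread and not taken from the Zeek project's own scripts: in Zeek, detection logic is written as event handlers in the Zeek scripting language, not as pattern rules in the Suricata sense. The script below reacts to each completed HTTP transaction, checks the User-Agent against a small pattern set, and raises a notice. The module name `SuspiciousUA`, the notice type `Suspicious_User_Agent` and the watched pattern list are constructed for this illustration and are not real identifiers from the thread.

```zeek
# Added example (not from the original thread): what a "detection" looks like
# in Zeek. Instead of a byte-pattern rule, it is a handler for an event that
# Zeek's HTTP analyzer raises after it has parsed a transaction.
@load base/frameworks/notice
@load base/protocols/http

module SuspiciousUA;

export {
    redef enum Notice::Type += {
        ## Raised when an HTTP User-Agent matches one of the watched patterns.
        ## (Notice type name is an assumption for this example.)
        Suspicious_User_Agent
    };

    ## Constructed pattern set for the example; operators would redef this
    ## with whatever tooling they actually want to flag.
    const watched_agents: pattern = /(?i:sqlmap|nikto|masscan)/ &redef;
}

# HTTP::log_http fires once per HTTP transaction, just before the record is
# written to http.log, so all parsed fields (including user_agent) are final.
event HTTP::log_http(rec: HTTP::Info)
    {
    # Not every request carries a User-Agent header; the field is optional.
    if ( ! rec?$user_agent )
        return;

    if ( watched_agents in rec$user_agent )
        NOTICE([$note=Suspicious_User_Agent,
                $msg=fmt("Suspicious User-Agent %s from %s to %s",
                         rec$user_agent, rec$id$orig_h, rec$id$resp_h),
                $src=rec$id$orig_h,
                $id=rec$id,
                # Deduplicate: one notice per source/agent pair per hour.
                $identifier=cat(rec$id$orig_h, rec$user_agent),
                $suppress_for=1hr]);
    }
```

Run it against a capture with `zeek -r traffic.pcap suspicious_ua.zeek` (file name assumed) and look for the notice type in `notice.log`. The practical consequence for the original question is that "automated rule writing" for Zeek would mean generating scripts like this one, and the metrics that make sense are those of the scripts' behaviour on labelled traffic (notices raised versus expected, and what ends up in the logs), rather than rule-hit counts.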