Hello,
I am new to Zeek and I am looking to dive deeper into customizing scripts to better suit my network security needs. I have been using Zeek for a few months now and have been able to deploy basic detection scripts but I am still learning when it comes to more advanced scripting.
Could anyone share best practices or tips for customizing Zeek scripts? Specifically, I am interested in:
Modifying existing scripts: Are there any guidelines to follow when altering default scripts to avoid errors or conflicts with other scripts?
Performance optimization: Any advice on ensuring that custom scripts don’t affect Zeek’s performance or cause unnecessary resource consumption?
Use case examples: If anyone has worked on specific custom detection scripts, I would love to hear examples and use cases.
I have already searched the forum for a solution related to my query and found this thread, https://community.zeek.org/t/best-way-to-modify-bundled-scripts-power-apps, but couldn’t find a sufficient solution.
I would really appreciate any advice, resources or personal experiences you can share. Thanks in advance for your help!
With Regards,
Daniel Jose