Using Zeek to monitor IoT device traffic

Hi everyone, I’m exploring ways to use Zeek to monitor network traffic from a fleet of IoT devices (ESP32, Raspberry Pi, etc.) and want to understand what kinds of traffic patterns or scripts work best for detecting unusual behavior. For context, I’ve been playing with a simple ESP32 motion sensor project (https://www.theengineeringprojects.com/2022/03/iot-based-motion-detection-with-email-alert-using-esp32.html) that regularly POSTs data over HTTP, and I’m curious how Zeek can help profile or flag anomalies in similar IoT traffic. I’ve seen Arduino forum threads and some Raspberry Pi community posts where folks talk about pushing sensor data via REST APIs or MQTT brokers. For those experienced with Zeek in mixed environments, what scripts, policy tweaks, or protocol analyzers do you recommend for reliably tracking and alerting on IoT traffic patterns without too much noise?
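
An added example, not part of the original post: one way to profile the "device regularly POSTs over HTTP" pattern offline from Zeek's JSON-format http.log. It learns each device's endpoints and request period from its first few requests, then flags new endpoints and off-schedule requests. The log records, addresses, host names, function names and thresholds are constructed assumptions.

```python
import json
from collections import defaultdict
from statistics import median

# Constructed Zeek http.log records (JSON format); every value here is made up.
def _rec(ts, src, method, host, uri):
    return json.dumps({"ts": ts, "id.orig_h": src, "id.resp_h": "192.0.2.10",
                       "method": method, "host": host, "uri": uri})

SAMPLE_LOG = "\n".join(
    [_rec(1000.0 + 60 * i, "10.0.0.21", "POST", "sensors.example.net", "/motion")
     for i in range(5)]
    + [_rec(1245.0, "10.0.0.21", "GET", "other.example.org", "/config"),
       _rec(1300.0, "10.0.0.21", "POST", "sensors.example.net", "/motion"),
       _rec(1310.0, "10.0.0.21", "POST", "sensors.example.net", "/motion")]
    + [_rec(1000.0 + 30 * i, "10.0.0.22", "POST", "sensors.example.net", "/temp")
       for i in range(6)])

def parse(log_text):
    """Group (ts, method, host, uri) by source address, sorted by time."""
    per_device = defaultdict(list)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        r = json.loads(line)
        per_device[r["id.orig_h"]].append(
            (r["ts"], r.get("method", "-"), r.get("host", "-"), r.get("uri", "-")))
    for events in per_device.values():
        events.sort()
    return per_device

def find_anomalies(log_text, baseline_count=4, tolerance=0.5):
    """Baseline on the first `baseline_count` requests per device, flag the rest."""
    alerts = []
    for device, events in parse(log_text).items():
        base, rest = events[:baseline_count], events[baseline_count:]
        known = {e[1:] for e in base}                       # learned endpoints
        gaps = [b[0] - a[0] for a, b in zip(base, base[1:])]
        period = median(gaps) if gaps else None             # learned interval
        prev_ts = base[-1][0]
        for ts, method, host, uri in rest:
            if (method, host, uri) not in known:
                alerts.append((device, ts, "new_endpoint", f"{method} {host}{uri}"))
                continue                                    # keep the timing chain intact
            if period and abs((ts - prev_ts) - period) > tolerance * period:
                alerts.append((device, ts, "interval_drift",
                               f"{ts - prev_ts:.0f}s vs {period:.0f}s"))
            prev_ts = ts
    return alerts
```

Keying the baseline on the source address and the (method, host, uri) tuple keeps noise down for fixed-function devices; a wider `tolerance` suits sensors whose reporting interval is event-driven rather than timed.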