ZEEK AS AN IDS

edX · October 23, 2019, 7:55am

Hello! I am an intermediate zeek user. I would like a walk-through on how i can use zeek to detect different types of attacks such as sql injection, ddos, man in the middle attacks and the likes.
Thanks.

Richard_Bejtlich · October 23, 2019, 12:49pm

Hello,

What research have you done so far?

Richard

Richard_Bejtlich · October 23, 2019, 1:41pm

I just Googled

bro sql injection detection

and this paper was the second result, right after a link to the Bro SQL injection detection script.

https://www.sans.org/reading-room/whitepapers/detection/web-application-attack-analysis-bro-ids-34042

You might have to look for Bro references as the Zeek rename is only a year old.

Sincerely,

Richard

edX · October 24, 2019, 6:27am

Thanks, I’ll check it out.

edX

Topic		Replies	Views
Anomaly-based intrusion detection in Zeek Development development	1	331	May 6, 2022
Bro IDS anomaly detection Zeek	2	85	May 6, 2022
SQL injection on cookies and POST Method Zeek	1	134	May 6, 2022
Bro: a question regarding type Zeek	1	89	May 6, 2022
Query reagrding Bro Ids Zeek	7	75	May 6, 2022

ZEEK AS AN IDS

Related topics