[Zeek] Detection of all attacks in pcap file

Borivoje Pavlovic bpboci24 at gmail.com
Mon Oct 21 11:09:48 PDT 2019


Hi all,

I am a beginner in Zeek. Currently, I have a task to perform analysis of
.pcap files and detect all possible attacks per time instance. In other
words, I have to test Zeek as an IDS tool and find with which percentage
Zeek is able to classify traffic correctly (true/false positive, true/false
negative indication). Is there a possibility to do so? For example, I tried
to run the integrated Brute-Forcing.zeek script against my .pcap file, but in
the notice.log there is just a note that there was an attack, which is not
what I am looking for. Do I have to search for labeled network in some other
logs?

Thanks in advance

Borivoje
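One way to turn notice.log into the true/false positive and negative counts the question asks for, as an added example that is not part of the original post or of Zeek itself: it parses Zeek's TSV notice.log layout, bins time into 60-second windows, and compares the bins that raised a notice against a labelled set of attack windows. The sample log rows, the capture span, the ground-truth windows and the bin size are all constructed here; only the header layout and the SSH::Password_Guessing notice type are Zeek's own.

```python
from collections import Counter

# Constructed sample in Zeek's TSV notice.log layout (a few columns kept);
# SSH::Password_Guessing is a real Zeek notice type, the rows are made up.
SAMPLE_NOTICE_LOG = (
    "#separator \\x09\n"
    "#fields\tts\tid.orig_h\tid.resp_h\tnote\tmsg\n"
    "#types\ttime\taddr\taddr\tenum\tstring\n"
    "1571659000.12\t10.0.0.5\t10.0.0.9\tSSH::Password_Guessing\t10.0.0.5 appears to be guessing SSH passwords\n"
    "1571659130.40\t10.0.0.7\t10.0.0.9\tSSH::Password_Guessing\t10.0.0.7 appears to be guessing SSH passwords\n"
    "1571659400.00\t10.0.0.8\t10.0.0.9\tSSH::Password_Guessing\t10.0.0.8 appears to be guessing SSH passwords\n"
    "#close\t2019-10-21-11-00-00\n"
)
# Constructed ground truth: capture span and (start_ts, end_ts) of each labelled attack.
CAPTURE_START, CAPTURE_END = 1571658900.0, 1571659499.0
TRUTH_WINDOWS = [(1571658990.0, 1571659040.0), (1571659120.0, 1571659135.0)]

def parse_notice_log(text):
    """Return notice rows as dicts keyed by the #fields header; other '#' lines are skipped."""
    sep, fields, rows = "\t", None, []
    for line in text.splitlines():
        if line.startswith("#separator "):
            # Zeek writes the separator escaped, e.g. "\x09" for a tab.
            sep = line.split(" ", 1)[1].encode().decode("unicode_escape")
        elif line.startswith("#fields"):
            fields = line.split(sep)[1:]
        elif line.startswith("#") or not line:
            continue
        else:
            rows.append(dict(zip(fields, line.split(sep))))
    return rows

def score(notices, truth_windows, start, end, bin_seconds=60):
    """Count TP/FP/FN/TN over fixed time bins: a bin is 'alerted' if any notice
    falls in it and 'attack' if any labelled window overlaps it."""
    to_bin = lambda ts: int((ts - start) // bin_seconds)
    alerted = {to_bin(float(n["ts"])) for n in notices}
    attack = set()
    for w_start, w_end in truth_windows:
        attack.update(range(to_bin(w_start), to_bin(w_end) + 1))
    counts = Counter(TP=0, FP=0, FN=0, TN=0)
    for b in range(to_bin(end) + 1):
        hit, truth = b in alerted, b in attack
        counts[("T" if hit == truth else "F") + ("P" if hit else "N")] += 1
    return dict(counts)

def precision_recall(counts):
    """Precision = TP/(TP+FP), recall = TP/(TP+FN) from the bin counts."""
    tp, fp, fn = counts["TP"], counts["FP"], counts["FN"]
    return tp / (tp + fp), tp / (tp + fn)
```

Run the same scoring over the real notice.log produced by `zeek -r capture.pcap` and a labels file of your own to get the per-window percentages; the bin size decides how strict "per time instance" is.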