[Zeek] Detection of all attacks in pcap file
richard at corelight.com
Mon Oct 21 13:59:26 PDT 2019
The notice log would contain any information pertaining to
the policy/protocols/ssh/detect-bruteforcing.zeek script.
However, I'm a little concerned by the nature of your task. Zeek isn't
really designed as an "intrusion detection system" like Snort or Suricata.
Is this a school project?
On Mon, Oct 21, 2019 at 2:18 PM Borivoje Pavlovic <bpboci24 at gmail.com> wrote:
> Hi all,
> I am a beginner in Zeek. Currently, I have a task to perform analysis of
> .pcap files and detect all possible attacks per time instances. In other
> words, I have to test Zeek as an IDS tool and find with which percentage
> Zeek is able to classify traffic correctly (True/False positive, True/False
> negative indication). Is there a possibility to do so? For example, I tried
> to run the integrated Brute-Forcing.zeek script against my .pcap file but in
> the notice.log there is just a note that there was an attack, which is not
> what I am looking for. Do I have to search for labeled network in some other
> Thanks in advance
Principal Security Strategist, Corelight
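
Added example, not part of the original message and not Zeek's own code: one way to get the true/false positive counts asked about in the quoted question, by reading `SSH::Password_Guessing` notices out of a notice.log and comparing the flagged sources with a labeled attacker list. The log excerpt, addresses, labels and the choice to score per source address are constructed assumptions.

```python
# Added example. The log excerpt, addresses and labels below are constructed.
SAMPLE_NOTICE_LOG = "\n".join([
    "#separator \\x09",
    "#path\tnotice",
    "#fields\tts\tnote\tmsg\tsrc",
    "#types\ttime\tenum\tstring\taddr",
    "1571691000.0\tSSH::Password_Guessing\t192.0.2.10 appears to be guessing SSH passwords\t192.0.2.10",
    "1571691060.0\tSSH::Password_Guessing\t198.51.100.7 appears to be guessing SSH passwords\t198.51.100.7",
    "1571691090.0\tSSL::Invalid_Server_Cert\tSSL certificate validation failed\t203.0.113.5",
    "#close\t2019-10-21-14-00-00",
])

def read_zeek_log(text):
    """Yield one dict per record, taking column names from the #fields header."""
    fields = None
    for line in text.splitlines():
        if line.startswith("#fields"):
            fields = line.split("\t")[1:]
        elif line and not line.startswith("#") and fields:
            yield dict(zip(fields, line.split("\t")))

def flagged_sources(text, note="SSH::Password_Guessing"):
    """Source addresses named in notices of the given type ('-' means unset)."""
    return {r["src"] for r in read_zeek_log(text)
            if r.get("note") == note and r.get("src", "-") != "-"}

def score(flagged, labeled_attackers, all_hosts):
    """Per-host confusion matrix; scoring per source address is an assumption."""
    return {
        "tp": len(flagged & labeled_attackers),
        "fp": len(flagged - labeled_attackers),
        "fn": len(labeled_attackers - flagged),
        "tn": len(all_hosts - flagged - labeled_attackers),
    }

if __name__ == "__main__":
    labeled = {"192.0.2.10", "203.0.113.99"}   # constructed ground truth
    hosts = labeled | {"198.51.100.7", "203.0.113.5", "192.0.2.50"}
    print(score(flagged_sources(SAMPLE_NOTICE_LOG), labeled, hosts))
```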