[Zeek] Detection of all attacks in pcap file

Richard Bejtlich richard at corelight.com
Mon Oct 21 13:59:26 PDT 2019


Hello,

The notice log would contain any information pertaining to
the policy/protocols/ssh/detect-bruteforcing.zeek script.

However, I'm a little concerned by the nature of your task. Zeek isn't
really designed as an "intrusion detection system" like Snort or Suricata.
Is this a school project?

Sincerely,

Richard

On Mon, Oct 21, 2019 at 2:18 PM Borivoje Pavlovic <bpboci24 at gmail.com>
wrote:

> Hi all,
>
> I am a beginner in Zeek. Currently, I have a task to perform analysis of
> .pcap files and detect all possible attacks per time instance. In other
> words, I have to test Zeek as an IDS tool and find with what percentage
> Zeek is able to classify traffic correctly (True/False positive, True/False
> negative indication). Is there a possibility to do so? For example, I tried
> to run the integrated Brute-Forcing.zeek script against my .pcap file, but in
> the notice.log there is just a note that there was an attack, which is not
> what I am looking for. Do I have to search for labeled network traffic in some
> other logs?
>
> Thanks in advance
>
> Borivoje
>
> _______________________________________________
> Zeek mailing list
> zeek at zeek.org
> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/zeek



-- 
Richard Bejtlich
Principal Security Strategist, Corelight
https://corelight.blog/author/richardbejtlich/
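As an added example that is not part of this thread, the scoring Borivoje asks about can be done from notice.log itself: the script below reads the columns named in Zeek's #fields header, bins SSH::Password_Guessing notices (the type raised by detect-bruteforcing.zeek) into one-minute windows keyed by source host, and compares them against a ground-truth labelling. The log excerpt and the labels are constructed for illustration.

```python
# Constructed notice.log excerpt (not from a real capture). Zeek writes TSV and
# names the columns in a "#fields" header; only a subset of the real columns is
# shown, and the parser reads whatever the header declares.
NOTICE_LOG = (
    "#fields\tts\tid.orig_h\tid.resp_h\tid.resp_p\tnote\tmsg\tsrc\n"
    "1571660100.25\t10.0.0.5\t10.0.0.9\t22\tSSH::Password_Guessing\t"
    "10.0.0.5 appears to be guessing SSH passwords (seen in 30 connections).\t10.0.0.5\n"
    "1571660420.10\t10.0.0.7\t10.0.0.9\t22\tSSH::Password_Guessing\t"
    "10.0.0.7 appears to be guessing SSH passwords (seen in 30 connections).\t10.0.0.7\n"
    "#close\t2019-10-21-14-00-00\n"
)
WINDOW = 60  # seconds per "time instance": one bin per minute of capture

def parse_notice_log(text):
    """One dict per notice line, keyed by the column names from #fields."""
    fields, rows = None, []
    for line in text.splitlines():
        if line.startswith("#fields"):
            fields = line.split("\t")[1:]
        elif line and not line.startswith("#") and fields:
            rows.append(dict(zip(fields, line.split("\t"))))
    return rows

def alerted(rows, note="SSH::Password_Guessing"):
    """(window, src) pairs in which Zeek raised the notice. Its ts is when the
    guessing threshold was crossed, not the first failed login, so bin the
    ground truth the same way or the comparison is skewed."""
    return {(int(float(r["ts"]) // WINDOW), r["src"]) for r in rows if r["note"] == note}

def confusion(alerts, labels):
    """labels maps each (window, host) in the labelled set to True (attack) or
    False (benign); alerts on pairs outside the labels count as false positives."""
    tp = sum(1 for k, atk in labels.items() if atk and k in alerts)
    fn = sum(1 for k, atk in labels.items() if atk and k not in alerts)
    fp = sum(1 for k, atk in labels.items() if not atk and k in alerts)
    fp += len(alerts - set(labels))
    tn = sum(1 for k, atk in labels.items() if not atk and k not in alerts)
    total = tp + fp + fn + tn
    return {"tp": tp, "fp": fp, "fn": fn, "tn": tn,
            "precision": tp / (tp + fp) if tp + fp else 0.0,
            "recall": tp / (tp + fn) if tp + fn else 0.0,
            "accuracy": (tp + tn) / total if total else 0.0}

# Constructed ground truth: 10.0.0.5 really guessed passwords in minute 26194335,
# 10.0.0.7 was a legitimate user with a broken key (false positive), and 10.0.0.8
# guessed slowly in minute 26194338 and never tripped Zeek's threshold (miss).
LABELS = {(26194335, "10.0.0.5"): True, (26194340, "10.0.0.7"): False,
          (26194338, "10.0.0.8"): True, (26194336, "10.0.0.6"): False}

def evaluate(log_text=NOTICE_LOG, labels=LABELS):
    return confusion(alerted(parse_notice_log(log_text)), labels)
```

Swap NOTICE_LOG for the contents of a real notice.log and LABELS for the dataset's own labels, binned with the same WINDOW, to get the per-window confusion counts.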