[Zeek] ZEEK AS AN IDS

Richard Bejtlich richard at corelight.com
Wed Oct 23 06:41:48 PDT 2019


I just Googled

bro sql injection detection

and this paper was the second result, right after a link to the Bro SQL
injection detection script.

https://www.sans.org/reading-room/whitepapers/detection/web-application-attack-analysis-bro-ids-34042


You might have to look for Bro references as the Zeek rename is only a year
old.

Sincerely,

Richard

On Wed, Oct 23, 2019 at 9:26 AM edX <edx0004 at gmail.com> wrote:

> I have done some research on detecting SSH brute-force attacks. I found a
> resource from the Hold My Beer blog.
>
> edx0004.
>
> On Wed, Oct 23, 2019 at 3:49 PM Richard Bejtlich <richard at corelight.com>
> wrote:
>
>> Hello,
>>
>> What research have you done so far?
>>
>> Richard
>>
>> On Wed, Oct 23, 2019 at 4:04 AM edX <edx0004 at gmail.com> wrote:
>>
>>> Hello! I am an intermediate Zeek user. I would like a walk-through on
>>> how I can use Zeek to detect different types of attacks such as SQL
>>> injection, DDoS, man-in-the-middle attacks and the like.
>>> Thanks.
>>
>>
>>
>> --
>> Richard Bejtlich
>> Principal Security Strategist, Corelight
>> https://corelight.blog/author/richardbejtlich/
>>
>

-- 
Richard Bejtlich
Principal Security Strategist, Corelight
https://corelight.blog/author/richardbejtlich/