[Zeek] ZEEK AS AN IDS

edX edx0004 at gmail.com
Wed Oct 23 23:27:48 PDT 2019


Thanks, I'll check it out.

edX

On Wed, Oct 23, 2019 at 4:41 PM Richard Bejtlich <richard at corelight.com>
wrote:

> I just Googled
>
> bro sql injection detection
>
> and this paper was the second result, right after a link to the Bro SQL
> injection detection script.
>
>
> https://www.sans.org/reading-room/whitepapers/detection/web-application-attack-analysis-bro-ids-34042
>
>
> You might have to look for Bro references as the Zeek rename is only a
> year old.
>
> Sincerely,
>
> Richard
>
> On Wed, Oct 23, 2019 at 9:26 AM edX <edx0004 at gmail.com> wrote:
>
>> I have done some research on detecting SSH brute-force attacks. I found a
>> resource from the Hold My Beer blog.
>>
>> edx0004.
>>
>> On Wed, Oct 23, 2019 at 3:49 PM Richard Bejtlich <richard at corelight.com>
>> wrote:
>>
>>> Hello,
>>>
>>> What research have you done so far?
>>>
>>> Richard
>>>
>>> On Wed, Oct 23, 2019 at 4:04 AM edX <edx0004 at gmail.com> wrote:
>>>
>>>> Hello! I am an intermediate Zeek user. I would like a walk-through on
>>>> how I can use Zeek to detect different types of attacks such as SQL
>>>> injection, DDoS, man-in-the-middle attacks and the like.
>>>> Thanks.
>>>
>>>
>>>
>>> --
>>> Richard Bejtlich
>>> Principal Security Strategist, Corelight
>>> https://corelight.blog/author/richardbejtlich/
>>>
>>
>
> --
> Richard Bejtlich
> Principal Security Strategist, Corelight
> https://corelight.blog/author/richardbejtlich/
>