[Zeek] Signature for IoT Devices
Richard Bejtlich
richard at corelight.com
Mon Feb 3 15:27:38 PST 2020
Just curious — if you prefer signatures, why choose Zeek over Suricata?
Sincerely,
Richard
On Mon, Feb 3, 2020 at 5:51 PM Jonah Cartwright <jacartwright at g.hmc.edu>
wrote:
> Hi Zeek Community,
>
> I am working on a project to identify IoT devices on a network. We are
> primarily working with the signatures framework. We would like to write
> signatures for different device types (i.e. smart plug, smart speaker,
> etc.). Does anyone have any advice on how to start going about this in
> terms of unique identifiers or protocols these IoT devices may be using
> that other devices may not use?
>
> Thanks,
> Jonah
> _______________________________________________
> Zeek mailing list
> zeek at zeek.org
> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/zeek
--
Richard Bejtlich
Principal Security Strategist, Corelight
https://corelight.blog/author/richardbejtlich/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/zeek/attachments/20200203/adfc6f16/attachment.html
More information about the Zeek
mailing list