[Zeek] Signature for IoT Devices

Jonah Cartwright jacartwright at g.hmc.edu
Mon Feb 3 15:39:04 PST 2020


Not any particular reason; we were asked to use Zeek for the project, and
figured signatures were the best method to use in Zeek.

On Mon, Feb 3, 2020 at 3:27 PM Richard Bejtlich <richard at corelight.com>
wrote:

> Just curious — if you prefer signatures, why choose Zeek over Suricata?
>
> Sincerely,
>
> Richard
>
> On Mon, Feb 3, 2020 at 5:51 PM Jonah Cartwright <jacartwright at g.hmc.edu>
> wrote:
>
>> Hi Zeek Community,
>>
>> I am working on a project to identify IoT devices on a network. We are
>> primarily working with the signatures framework. We would like to write
>> signatures for different device types (i.e. smart plug, smart speaker,
>> etc.). Does anyone have any advice on how to start going about this in
>> terms of unique identifiers or protocols these IoT devices may be using
>> that other devices may not use?
>>
>> Thanks,
>> Jonah
>> _______________________________________________
>> Zeek mailing list
>> zeek at zeek.org
>> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/zeek
>
> --
> Richard Bejtlich
> Principal Security Strategist, Corelight
> https://corelight.blog/author/richardbejtlich/
>