My studies with SANS introduced me to a lot of open source tools that I find amazing. One of those is Zeek (formerly Bro) IDS. While I have enjoyed and been enriched by my studies of SiLK, Snort, Suricata, Tshark and TCPDump, Zeek is the tool that jumps out to me as the one offering the greatest potential to learn about and explore networks.

In this blog entry, we’re going to create a single-node Zeek sensor on our virtual host and turn it loose monitoring the network tap we have between our core switch and the ESXi host. I am starting with a minimal install of Ubuntu 20.04 again, so we can get up and running quickly and stay consistent with the ELK host we are also running. I know many people run these applications on CentOS/RedHat as well, and there are plenty of good blogs on installing it for yum/RPM-based distributions, but we’ll stick with my feeble limitations for now 😉
