To conduct hunting operations, threat hunters need to make quick sense of their environment. Since nearly all attacks must cross the network, it’s an essential source of truth—yet common sources of network data such as NetFlow records and DNS server logs provide minimal detail and are difficult to correlate.
A better source of network data exists, however, in one of the industry's best-kept secrets: the open-source Zeek network security monitor. Zeek (formerly known as Bro) transforms raw network traffic into high-fidelity logs that comprehensively summarize network activity across more than 35 protocols at less than 1% of the size of a full packet capture, which makes them well suited to fast and easy search in SIEM solutions like Splunk.
Watch this webcast, in which Roger Cheeks, Solution Engineer at Corelight, shows how you can use Zeek logs in Splunk to answer critical questions and expand your threat hunting capabilities.
Roger Cheeks is a Solution Engineer at Corelight, the company founded by the creators of the Zeek network security monitor. Roger has spent more than 20 years designing, implementing, and maintaining mission-critical network and security systems. He is an expert in network analysis techniques and protocols, including packets, flow, Zeek, and logs. Roger spent more than ten years architecting and implementing Splunk for security operations, and has supported verticals including financial, healthcare, cloud, entertainment, and more.
Ed Smith is Senior Product Marketing Manager at Corelight and has seven years of experience working in the cybersecurity industry representing IaaS, DevOps, and vulnerability management solutions, including his most recent role as Director of Marketing at CloudPassage, a cloud workload security company.
*Bro is now known as Zeek!