High-level packet analysis tools give us an overview of what’s on a network, and they save us huge amounts of time. But every once in a while we look at one of these summaries and ask, “What the heck is going on with this system?”
That’s where we need to fall back to either looking at raw packets or going halfway there and looking at Zeek logs. Zeek logs carry a rich amount of detail on network traffic if you know how to extract it! In this talk we’ll look at both manual and semi-automated approaches to getting more detail out of your Zeek logs.
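As an illustration of the "manual" approach the abstract refers to, here is an added example (not material from the talk or from the Zeek project) that parses Zeek's ASCII log format by honouring the `#separator`, `#fields`, `#types`, `#unset_field` and `#empty_field` header lines, then pulls out everything one host did from a `conn.log`. The log content is constructed for the example and uses a reduced subset of the real `conn.log` columns; the `summarize_host` grouping and the `failed` counter (connections in state `S0` or `REJ`) are this example's own choices, not anything Zeek ships.

```python
"""Manual extraction of per-host detail from a Zeek conn.log (ASCII/TSV format)."""
from collections import defaultdict
from typing import Any, Dict, List, Tuple

# Constructed sample conn.log. The header block mirrors what Zeek writes; the
# column list is a subset of the real conn.log fields, chosen for the example.
SAMPLE_CONN_LOG = """#separator \\x09
#set_separator\t,
#empty_field\t(empty)
#unset_field\t-
#path\tconn
#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto\tservice\tduration\torig_bytes\tresp_bytes\tconn_state
#types\ttime\tstring\taddr\tport\taddr\tport\tenum\tstring\tinterval\tcount\tcount\tstring
1700000000.123456\tCAbc1\t10.0.0.5\t51234\t192.0.2.10\t443\ttcp\tssl\t12.5\t1400\t52000\tSF
1700000001.500000\tCAbc2\t10.0.0.5\t51235\t192.0.2.10\t443\ttcp\tssl\t3.2\t800\t9000\tSF
1700000002.000000\tCAbc3\t10.0.0.5\t51236\t198.51.100.7\t53\tudp\tdns\t0.01\t64\t120\tSF
1700000003.000000\tCAbc4\t10.0.0.5\t51237\t203.0.113.9\t4444\ttcp\t-\t-\t-\t-\tS0
1700000004.000000\tCAbc5\t10.0.0.8\t40000\t192.0.2.10\t80\ttcp\thttp\t1.0\t300\t1500\tSF
#close\t2023-11-14-22-13-40
"""


def _decode_separator(raw: str) -> str:
    # Zeek writes the separator escaped, e.g. "\x09" for a tab.
    return raw.encode("ascii").decode("unicode_escape")


def _convert(raw: str, typ: str, empty: str, unset: str, set_sep: str) -> Any:
    """Turn one raw column value into a Python value using the #types entry."""
    if raw == unset:
        return None
    if raw == empty:
        return ""
    if typ.startswith("set[") or typ.startswith("vector["):
        inner = typ[typ.index("[") + 1:-1]
        return [_convert(v, inner, empty, unset, set_sep) for v in raw.split(set_sep)]
    if typ in ("count", "int", "port"):
        return int(raw)
    if typ in ("time", "interval", "double"):
        return float(raw)
    if typ == "bool":
        return raw == "T"
    return raw  # string, addr, enum, subnet: keep as text


def parse_zeek_log(text: str) -> List[Dict[str, Any]]:
    """Parse a Zeek ASCII log into a list of typed dicts keyed by field name."""
    sep, set_sep, empty, unset = "\t", ",", "(empty)", "-"
    fields: List[str] = []
    types: List[str] = []
    records: List[Dict[str, Any]] = []
    for line in text.splitlines():
        if not line:
            continue
        if line.startswith("#"):
            if line.startswith("#separator "):  # a space, not the separator itself
                sep = _decode_separator(line[len("#separator "):])
                continue
            key, _, value = line[1:].partition(sep)
            if key == "set_separator":
                set_sep = value
            elif key == "empty_field":
                empty = value
            elif key == "unset_field":
                unset = value
            elif key == "fields":
                fields = value.split(sep)
            elif key == "types":
                types = value.split(sep)
            continue  # #path, #open, #close and friends carry no records
        values = line.split(sep)
        if len(values) != len(fields):
            raise ValueError(f"column count mismatch: {line!r}")
        records.append({n: _convert(v, t, empty, unset, set_sep)
                        for n, t, v in zip(fields, types, values)})
    return records


def summarize_host(records: List[Dict[str, Any]], host: str) -> Dict[Tuple[str, int, str], Dict[str, int]]:
    """Group one originator's connections by (responder, port, service) and total them."""
    summary: Dict[Tuple[str, int, str], Dict[str, int]] = defaultdict(
        lambda: {"conns": 0, "orig_bytes": 0, "resp_bytes": 0, "failed": 0})
    for r in records:
        if r["id.orig_h"] != host:
            continue
        s = summary[(r["id.resp_h"], r["id.resp_p"], r["service"] or "unknown")]
        s["conns"] += 1
        s["orig_bytes"] += r["orig_bytes"] or 0  # unset ("-") counts as 0 bytes
        s["resp_bytes"] += r["resp_bytes"] or 0
        if r["conn_state"] in ("S0", "REJ"):  # no reply / rejected
            s["failed"] += 1
    return dict(summary)


if __name__ == "__main__":
    for key, stats in summarize_host(parse_zeek_log(SAMPLE_CONN_LOG), "10.0.0.5").items():
        print(key, stats)
```

Converting columns according to `#types` rather than treating everything as text is what makes the follow-up questions cheap: byte totals add up, timestamps sort, and an unset `-` becomes `None` instead of a bogus string you later have to special-case. The same parser works unchanged on `dns.log`, `ssl.log` or any other Zeek ASCII log, since the header block describes each one.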