MODULE 04
Hunting in Network Traffic
Using Zeek (Bro) and RITA to find beacons and long connections.
Zeek Network Monitor
Zeek (formerly Bro) converts network traffic into structured logs.
conn.log - TCP/UDP connections
dns.log - DNS queries
http.log - HTTP requests
ssl.log - TLS/SSL certificates
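
As an added example (not part of the original module, and not RITA's own scoring), the Python below parses a constructed conn.log excerpt in Zeek's TSV format and flags long connections and beacon-like host pairs. The sample addresses, the thresholds and the MAD/median regularity measure are assumptions chosen for illustration.

```python
import statistics
from collections import defaultdict

def build_sample():  # constructed conn.log excerpt in Zeek TSV form, not real traffic
    rows = []
    for i, jitter in enumerate([0, 1, -1, 2, 0, -2, 1, 0]):  # ~60 s check-ins
        rows.append((1700000000 + 60 * i + jitter, "10.0.0.5", "203.0.113.10", 443, "tcp", "0.35"))
    for off in [0, 7, 95, 110, 400, 1200]:  # irregular, browsing-like gaps
        rows.append((1700000000 + off, "10.0.0.9", "192.0.2.30", 443, "tcp", "1.2"))
    rows.append((1700000100, "10.0.0.7", "198.51.100.20", 22, "tcp", "14400.5"))  # 4 h session
    rows.append((1700000200, "10.0.0.7", "192.0.2.53", 53, "udp", "-"))  # unset duration
    lines = ["#separator \\x09", "#fields\tts\tuid\tid.orig_h\tid.resp_h\tid.resp_p\tproto\tduration"]
    for n, (ts, orig, resp, port, proto, dur) in enumerate(rows):
        lines.append("\t".join([f"{ts}.000000", f"C{n}", orig, resp, str(port), proto, dur]))
    return "\n".join(lines)

def parse_zeek_tsv(text):
    """Yield one dict per record, taking column names from the #fields header."""
    fields = None
    for line in text.splitlines():
        if line.startswith("#fields"):
            fields = line.split("\t")[1:]
        elif line and not line.startswith("#") and fields:
            yield dict(zip(fields, line.split("\t")))

def long_connections(records, min_seconds=3600):
    """Records whose duration meets the threshold; '-' is Zeek's unset value."""
    return [r for r in records if r["duration"] != "-" and float(r["duration"]) >= min_seconds]

def beacon_candidates(records, min_conns=6, max_spread=0.1):
    """Map (orig, resp, port) -> median gap where gaps are near-constant (MAD/median)."""
    times = defaultdict(list)
    for r in records:
        times[(r["id.orig_h"], r["id.resp_h"], r["id.resp_p"])].append(float(r["ts"]))
    hits = {}
    for key, ts in times.items():
        ts.sort()
        gaps = [b - a for a, b in zip(ts, ts[1:])]
        if len(ts) >= min_conns:
            med = statistics.median(gaps)
            mad = statistics.median(abs(g - med) for g in gaps)
            if med > 0 and mad / med <= max_spread:
                hits[key] = round(med, 1)
    return hits

if __name__ == "__main__":
    recs = list(parse_zeek_tsv(build_sample()))
    print("long:", [(r["id.orig_h"], r["id.resp_h"], r["duration"]) for r in long_connections(recs)])
    print("beacon-like:", beacon_candidates(recs))
```

Because the parser takes its column names from the `#fields` header, the same functions work on a full conn.log with Zeek's default field set.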