#Threat Hunting Tails – Page 2 – Threat Hunting , Zeek and more…

Zeek – Passive Hostname Enrichment Module

Christos April 25, 2023 0Comments

In the process of Threat Hunting or even as a SOC Analyst, it is crucial to know your assets. You have to know which are the SSH Servers, the DNS…

Zeek

Zeek – Geolocation Enrichment

Christos March 30, 2023 0Comments

Continuing my previous post, about ASN Enrichment (https://threathuntingtails.com/zeek-asn-enrichment/), today I will talk about Geolocation Enrichment or how to insert Geolocation Data in your Zeek logs. This feature will provide you…

Zeek

Zeek – ASN Enrichment

Christos July 18, 2022 0Comments

Prior to version 5.0, Zeek has been giving you only the capability to enrich your data with the AS Number (Autonomous Systems Number - https://en.wikipedia.org/wiki/Autonomous_system_(Internet) ) by using the lookup_asn…

Zeek

Zeek – Suppress SSL/TLS Notices

Christos March 11, 2022 0Comments

There are times that you get a lot of Zeek Notices that have no value to your security model or these are false positives. Maybe it will not be in…

Zeek

Zeek – SMTP URL Extraction

Christos March 3, 2022 0Comments

Zeek is a powerful tool for monitoring your networks. It has many powerful capabilities, but the best of all, it is the Zeek script language, that gives you the capability…

Cookie	Duration	Description
cookielawinfo-checkbox-advertisement	1 year	Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Advertisement" category .
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
CookieLawInfoConsent	1 year	Records the default button state of the corresponding category & the status of CCPA. It works only in coordination with the primary cookie.
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Cookie	Duration	Description
_ga	2 years	The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors.
_ga_092CVX01F7	2 years	This cookie is installed by Google Analytics.

Zeek – Passive Hostname Enrichment Module

Zeek – Geolocation Enrichment

Zeek – ASN Enrichment

Zeek – Suppress SSL/TLS Notices

Zeek – SMTP URL Extraction

You Missed

Suricata – Suricata Monitoring with Zabbix

Zeek – Network File Extraction

Decapsulating HP-ERM Remote SPAN

Zeek – Restrict Capturing Traffic with BPF Filters