#Threat Hunting Tails

Zeek – Load Certificates to Zeek

Christos July 26, 2023 No Comments

When you deploy your Zeek sensor for the first time, after a while you will mention that a lot of notices will appear to your notice.log, as a result of…

Zeek

Zeek – Passive Hostname Enrichment Module

Christos April 25, 2023 No Comments

In the process of Threat Hunting or even as a SOC Analyst, it is crucial to know your assets. You have to know which are the SSH Servers, the DNS…

Zeek

Zeek – Geolocation Enrichment

Christos March 30, 2023 No Comments

Continuing my previous post, about ASN Enrichment (https://threathuntingtails.com/zeek-asn-enrichment/), today I will talk about Geolocation Enrichment or how to insert Geolocation Data in your Zeek logs. This feature will provide you…

Zeek

Zeek – ASN Enrichment

Christos July 18, 2022 1 Comment

Prior to version 5.0, Zeek has been giving you only the capability to enrich your data with the AS Number (Autonomous Systems Number – https://en.wikipedia.org/wiki/Autonomous_system_(Internet) ) by using the lookup_asn…

Zeek

Zeek – Suppress SSL/TLS Notices

Christos March 11, 2022 No Comments

There are times that you get a lot of Zeek Notices that have no value to your security model or these are false positives. Maybe it will not be in…

Cookie	Duration	Description
cookielawinfo-checkbox-advertisement	1 year	Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Advertisement" category .
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
CookieLawInfoConsent	1 year	Records the default button state of the corresponding category & the status of CCPA. It works only in coordination with the primary cookie.
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Cookie	Duration	Description
_ga	2 years	The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors.
_ga_092CVX01F7	2 years	This cookie is installed by Google Analytics.

Zeek – Load Certificates to Zeek

Zeek – Passive Hostname Enrichment Module

Zeek – Geolocation Enrichment

Zeek – ASN Enrichment

Zeek – Suppress SSL/TLS Notices

You Missed

Enriching Sysmon EventID 3 Logs with CommunityID by utilizing Apache NiFi

Suricata – Suricata Monitoring with Zabbix

Zeek – Network File Extraction

Decapsulating HP-ERM Remote SPAN