Zeek and Ye Shall Find: How to Build a Zeek Cluster at Washington University presented at SecureWorldStLouis 2020

by Brian Marentette

Summary: Washington University has been using Zeek (formerly called Bro) for five years now. We recently moved from using SPAN sessions that monitored only north/south traffic to building a TAP network that monitors both north/south and east/west traffic. We will look at the tools and hardware necessary to build the TAP network and the Zeek cluster. We will also look at some of the data that Zeek produces right out of the box.
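The abstract contrasts SPAN-based monitoring (north/south only) with a TAP network that also captures east/west traffic, and points at Zeek's default log output. The following added example (not code from the talk or from Washington University) parses Zeek's default tab-separated `conn.log` using its own `#separator`, `#unset_field` and `#fields` header lines, then classifies each connection as east/west (both endpoints in RFC 1918 space), north/south (one endpoint outside) or external, so an analyst can see how much of the visibility actually comes from the TAP. The log records are constructed for illustration; the field set is a subset of the default `conn.log` columns, and treating RFC 1918 space as "internal" is an assumption that would be replaced by the site's real address plan.

```python
"""
Parse Zeek's default TSV conn.log and measure the north/south vs east/west
split. Added example: the sample records below are constructed, and the
"internal" definition (RFC 1918 space) is an assumption for illustration.
"""
import ipaddress
from collections import Counter
from typing import Dict, List, Optional

# Constructed sample in Zeek's out-of-the-box TSV layout: a header block,
# three connection records, and the trailing #close line.
SAMPLE_CONN_LOG = "\n".join([
    "#separator \\x09",
    "#set_separator\t,",
    "#empty_field\t(empty)",
    "#unset_field\t-",
    "#path\tconn",
    "#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto\tservice"
    "\tduration\torig_bytes\tresp_bytes\tconn_state",
    "#types\ttime\tstring\taddr\tport\taddr\tport\tenum\tstring"
    "\tinterval\tcount\tcount\tstring",
    "1583000000.123456\tCxYz1aBcDeFg\t10.20.30.40\t51234\t10.20.31.5\t445\ttcp\tsmb"
    "\t1.25\t4096\t8192\tSF",
    "1583000001.654321\tCaBc2dEfGhIj\t10.20.30.41\t49152\t93.184.216.34\t443\ttcp\tssl"
    "\t0.80\t1500\t20000\tSF",
    "1583000002.000000\tCdEf3gHiJkLm\t10.20.30.42\t53411\t10.20.0.53\t53\tudp\tdns"
    "\t-\t60\t120\tSF",
    "#close\t2020-03-01-00-00-03",
])

# Assumed definition of "inside the monitored network" (RFC 1918 ranges).
MONITORED_SPACE = [ipaddress.ip_network(n)
                   for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def parse_zeek_tsv(text: str) -> List[Dict[str, Optional[str]]]:
    """Return one dict per record, keyed by the names in the #fields header.

    The separator and unset marker are taken from the log's own header rather
    than hard-coded, and unset fields ("-" by default) become None.
    """
    separator = "\t"
    unset = "-"
    fields: List[str] = []
    records: List[Dict[str, Optional[str]]] = []
    for line in text.splitlines():
        if not line:
            continue
        if line.startswith("#separator "):
            # Zeek writes the separator as an escape sequence, e.g. "\x09".
            separator = line.split(" ", 1)[1].encode().decode("unicode_escape")
            continue
        if line.startswith("#"):
            key, _, value = line[1:].partition(separator)
            if key == "fields":
                fields = value.split(separator)
            elif key == "unset_field":
                unset = value
            continue  # #types, #path, #open, #close etc. are not needed here
        values = line.split(separator)
        if len(values) != len(fields):
            raise ValueError(
                f"record has {len(values)} fields, header declares {len(fields)}")
        records.append({k: (None if v == unset else v)
                        for k, v in zip(fields, values)})
    return records


def is_internal(addr: str) -> bool:
    """True if the address falls inside the assumed monitored space."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in MONITORED_SPACE)


def classify_direction(rec: Dict[str, Optional[str]]) -> str:
    """east_west: both ends internal; north_south: exactly one internal end."""
    orig_in = is_internal(rec["id.orig_h"])
    resp_in = is_internal(rec["id.resp_h"])
    if orig_in and resp_in:
        return "east_west"
    if orig_in or resp_in:
        return "north_south"
    return "external"


def summarize(text: str) -> Dict[str, Counter]:
    """Count connections by traffic direction and by Zeek's detected service."""
    records = parse_zeek_tsv(text)
    return {
        "direction": Counter(classify_direction(r) for r in records),
        "service": Counter(r["service"] or "unknown" for r in records),
    }


if __name__ == "__main__":
    for name, counts in summarize(SAMPLE_CONN_LOG).items():
        print(name, dict(counts))
```

Run against a real `conn.log` (for example `summarize(open("conn.log").read())`), the east/west count is the traffic a SPAN-only deployment would never have shown; the same parser works unchanged for the other default logs (`dns.log`, `ssl.log`, `http.log`) because they share the header format.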