WEBVTT

00:00:00.000 --> 00:00:06.000
Hello, and welcome to the course, Getting Started with Zeek.

00:00:06.000 --> 00:00:06.666
I'm Joe,

00:00:06.666 --> 00:00:11.000
a network security consultant and a big fan of network

00:00:11.000 --> 00:00:13.000
monitoring tools and applications.

00:00:13.000 --> 00:00:13.818
In this course,

00:00:13.818 --> 00:00:16.818
I'm going to teach you all about Zeek and everything you

00:00:16.818 --> 00:00:19.000
need to know to get started with it.

00:00:19.000 --> 00:00:23.111
We'll dive into this tool's functions and uses and learn

00:00:23.111 --> 00:00:27.000
how to get it installed and configured.

00:00:27.000 --> 00:00:30.999
You may be asking yourself, what the heck is Zeek?

00:00:31.000 --> 00:00:31.333
Well,

00:00:31.333 --> 00:00:35.666
it's a network monitoring tool that you can use to alert you to

00:00:35.666 --> 00:00:38.000
threats or suspicious activity on your network.

00:00:38.000 --> 00:00:41.000
But before we start getting into all of that,

00:00:41.000 --> 00:00:44.666
you may need to know that Zeek is the new name for what

00:00:44.666 --> 00:00:48.000
many of us used to know this tool as: Bro.

00:00:48.000 --> 00:00:51.000
Yes, this course is all about the tool Bro.

00:00:51.000 --> 00:00:54.000
The name change just happened in 2018,

00:00:54.000 --> 00:00:58.000
so there are plenty of people that still use the name Bro.

00:00:58.000 --> 00:01:00.999
Even some of the scripting within the application does too.

00:01:01.000 --> 00:01:04.285
I'll use the names Zeek and Bro interchangeably if I

00:01:04.285 --> 00:01:04.999
need to throughout this course.

00:01:05.000 --> 00:01:07.272
So, Zeek is Bro 3.0,

00:01:07.272 --> 00:01:13.999
and it's the same awesome tool that we knew from the other name.

00:01:14.000 --> 00:01:19.000
Okay, now that any confusion about that is gone, let's talk about this course.

00:01:19.000 --> 00:01:22.272
We're going to be using a topology like this,

00:01:22.272 --> 00:01:27.000
simple enough, so that we can see a little bit of data and see how Zeek reacts.

00:01:27.000 --> 00:01:31.199
We have our CentOS virtual machine that Zeek will be

00:01:31.199 --> 00:01:35.000
installed on to capture the data, as well as the rest of our network.

00:01:35.000 --> 00:01:37.999
Clients and our Windows Server are all going to a router.

00:01:38.000 --> 00:01:39.090
Using this topology,

00:01:39.090 --> 00:01:43.666
we'll be able to configure and use Zeek to detect threats

00:01:43.666 --> 00:01:47.000
and suspicious activity on our network.

00:01:47.000 --> 00:01:53.000
So you work for a wonderful company, Globomantics, the robotics company.

00:01:53.000 --> 00:01:56.666
They're looking to improve their network monitoring capabilities and want

00:01:56.666 --> 00:02:00.000
to try to stick with an open source tool if possible.

00:02:00.000 --> 00:02:02.999
Zeek was one of the tools on the list, and here we are.

00:02:03.000 --> 00:02:05.750
We'll learn all about it so that you can make a

00:02:05.750 --> 00:02:08.000
decision on whether the tool fits your needs,

00:02:08.000 --> 00:02:12.250
as well as how to install it and configure it for

00:02:12.250 --> 00:02:14.000
whenever you do move forward with it.

00:02:14.000 --> 00:02:17.000
You're going to be the one to advocate for Zeek and

00:02:17.000 --> 00:02:24.000
what it can do for your network.
