WEBVTT

00:00:01.100 --> 00:00:03.099
Throughout this course,

00:00:03.100 --> 00:00:07.100
we're going to be getting started with Zeek in many different ways.

00:00:07.100 --> 00:00:11.600
We're going to start with an introduction to Zeek and talk about its features,

00:00:11.600 --> 00:00:15.100
benefits, use cases, and a little bit of history of it.

00:00:15.100 --> 00:00:19.242
We'll then talk about using Zeek in the enterprise as we detail the

00:00:19.242 --> 00:00:23.766
installation of it and go through the functionality of the engine and the

00:00:23.766 --> 00:00:26.099
ways to configure and control the application.

00:00:26.100 --> 00:00:30.100
We'll be just using a basic configuration for this course's scope.

00:00:30.100 --> 00:00:30.433
After,

00:00:30.433 --> 00:00:35.600
we're going to discuss the components of Zeek and detail the many frameworks,

00:00:35.600 --> 00:00:38.100
subcomponents, and plugins for it.

00:00:38.100 --> 00:00:42.099
We're trying to learn all about its many capabilities.

00:00:42.100 --> 00:00:42.400
Then,

00:00:42.400 --> 00:00:46.766
we want to go over the language of Zeek and talk about the scripting

00:00:46.766 --> 00:00:50.100
capabilities and especially cover the signature framework.

00:00:50.100 --> 00:00:50.433
Finally,

00:00:50.433 --> 00:00:54.766
we'll wrap up the module and cover the outputs and reporting

00:00:54.766 --> 00:00:57.900
capabilities of Zeek so you know where to find what you're looking

00:00:57.900 --> 00:01:02.099
for and are able to analyze the information.

00:01:02.100 --> 00:01:06.766
There really aren't any prerequisites for this course except to have a decent

00:01:06.766 --> 00:01:11.100
understanding of devices on the network and network protocols.

00:01:11.100 --> 00:01:15.099
I also would like you to have a really big desire to learn all about this tool,

00:01:15.100 --> 00:01:20.100
but since you're watching the course, it looks like you already have that.

00:01:20.100 --> 00:01:23.100
If you want to follow along with us in the labs throughout the course,

00:01:23.100 --> 00:01:28.099
you can use most major Linux platforms to install and run Zeek on.

00:01:28.100 --> 00:01:30.100
I'm using CentOS 7,

00:01:30.100 --> 00:01:33.671
but any capable operating system would work as long

00:01:33.671 --> 00:01:35.100
as it's compatible with Zeek.

00:01:35.100 --> 00:01:38.100
You'll also need to download Zeek from their website and have at least

00:01:38.100 --> 00:01:42.100
something on the network for it to capture traffic from to analyze.

00:01:42.100 --> 00:01:46.100
Like you saw in the topology earlier, I have a few devices for this purpose.

00:01:46.100 --> 00:02:00.100
Other than those things, you should be good to go and follow along in the demos.
