Corelight’s introductory guide to threat hunting with Zeek (Bro) logs
If you are evaluating Corelight and Zeek (formerly known as Bro), or are new to them, this guide will help you run a proof of concept for an initial deployment.
The guide consists of analyst questions that demonstrate how to use the data Zeek provides, and the value of a data-centric approach to Network Security Monitoring (NSM). The questions are organized by where in the network the instrumentation is placed.
Additionally, several threat hunting concepts are described to help deepen knowledge, especially for teams new to the practice.