Integrating Zeek With Third-Party Applications — Christian Kreibich

Event: hack.lu 2025

Duration: 30 min

Type: Talk

Speakers: Christian Kreibich

Abstract

The Zeek network monitor offers a range of mechanisms to interact with it while up and running. Examples include its ability to asynchronously ingest intel data, exchange Zeek events with custom-built services, call out to web APIs via JavaScript, load and save runtime state, and produce operational telemetry. These features provide powerful means to integrate Zeek into an organization’s cybersecurity infrastructure, taking it far beyond a mere producer of network logs.

In this talk I will walk through these features, outline their relative pros and cons, and give examples of real-world applications they enable, including machine learning models, threat intel platforms like MISP, and “round-tripping” of network inventory data. This talk is ideal for users who have gained initial experience with running Zeek, and are looking to get more out of their deployment. Even if you’ve never used Zeek before, you’ll gain a better understanding of what it can provide for your network detection & response infrastructure.

Description

(See abstract.)

Video available