We will explore the data in the “Traffic analysis exercise – Windows host visits a website, gets EK traffic” exercise for this article.

First, we will need to download the appropriate tools and files for this use case. I’ll start by pulling the PCAP file from the website. After I downloaded the PCAP file safely, I downloaded Brim for MacOS. You can find all the versions and platforms Brim supports to use the tool yourself.

I then uploaded the PCAP file to the Brim system and received the below output. From here, we are now ready to explore the data. You can also use the questions provided on the website as a starting point if you wish to dive deeper into the data.

Brim took the PCAP and generated the associated Zeek log files from the data. We can see a breakdown of the type of activity seen in this capture from the above screenshot. What does this data mean? The below outlines the types of Zeek logs derived from this file that we care to look at:
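The per-log-type breakdown Brim shows for a capture is just a count of Zeek records grouped by which log they belong to. As an added example that is not part of the original post or of Brim itself, the Python below reproduces that breakdown over a small constructed sample of Zeek records, then drills into conn.log services and http.log requests, which is where the "website visit" and any exploit-kit landing page would show up. It assumes the records are in JSON-lines form where each record carries a `_path` field naming its log (the shape Brim/zq can export); the hosts, IPs and URIs are made up.

```python
import json
from collections import Counter

# Constructed sample of Zeek JSON-lines records, one per line. Every record
# carries a `_path` naming the Zeek log it came from. All values are made up
# (RFC 5737 documentation addresses) purely to illustrate the parsing.
SAMPLE_ZEEK_JSON = """
{"_path":"conn","ts":1.0,"uid":"C1","id.orig_h":"10.0.0.5","id.resp_h":"198.51.100.20","id.resp_p":80,"proto":"tcp","service":"http"}
{"_path":"conn","ts":2.0,"uid":"C2","id.orig_h":"10.0.0.5","id.resp_h":"10.0.0.1","id.resp_p":53,"proto":"udp","service":"dns"}
{"_path":"conn","ts":3.0,"uid":"C3","id.orig_h":"10.0.0.5","id.resp_h":"203.0.113.7","id.resp_p":443,"proto":"tcp","service":"ssl"}
{"_path":"dns","ts":2.0,"uid":"C2","query":"example.invalid","answers":["198.51.100.20"]}
{"_path":"http","ts":1.1,"uid":"C1","host":"example.invalid","uri":"/","status_code":200}
{"_path":"http","ts":1.2,"uid":"C1","host":"example.invalid","uri":"/landing.swf","status_code":200}
{"_path":"files","ts":1.2,"conn_uids":["C1"],"mime_type":"application/x-shockwave-flash"}
"""


def parse_zeek_json(text):
    """Parse JSON-lines Zeek output into a list of dict records, skipping blanks."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        records.append(json.loads(line))
    return records


def activity_breakdown(records):
    """Count records per Zeek log type: the same summary Brim displays per PCAP."""
    return Counter(r["_path"] for r in records)


def conn_services(records):
    """For conn.log records, count connections by the service Zeek identified.
    Zeek writes '-' when it could not classify the service, so default to that."""
    return Counter(r.get("service", "-") for r in records if r["_path"] == "conn")


def http_requests(records):
    """Return (host, uri) pairs from http.log in capture order.
    Reviewing these is how an analyst spots the initial site visit and any
    redirect chain to a landing page."""
    return [(r["host"], r["uri"]) for r in records if r["_path"] == "http"]


if __name__ == "__main__":
    recs = parse_zeek_json(SAMPLE_ZEEK_JSON)
    print("records per log:", dict(activity_breakdown(recs)))
    print("conn services:  ", dict(conn_services(recs)))
    for host, uri in http_requests(recs):
        print(f"http request:    {host}{uri}")
```

Brim's own summary is produced from the full Zeek output rather than from JSON-lines, but the grouping logic is the same, and the same three views (per-log counts, per-service connection counts, the list of HTTP requests) are the ones the exercise questions steer you toward.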