Students will learn how to deploy, configure and customize a Zeek Network Intrusion Detection System (NIDS). They will customize Zeek to generate enterprise specific logs and to send email notifications of events of interest. They will also create a simple Zeek plugin, using the Zeek scripting language, to detect and block brute force ssh login attempts.
Prerequisites
Basic networking concepts (TCP/IP, DNS, etc.) and familiarity with the Unix/Linux command line.
Expected Duration
2 hours, self-paced. Pause and continue at any time.
2 CPEs awarded on successful completion.
Availability
Included if you are a subscriber to any of the following training packages:
- Level 1: Enterprise Instructional Labs
- Introduction to Cybersecurity Lab Package
- Introduction to Network Security Lab Package
- Intrusion Detection and Prevention Lab Package
- Secure Network Setup Package
- System Administrator 2
- Cyber Defense Analyst 2
- Cyber Defense Incident Responder
- Cyber Defense Infrastructure Support Specialist 2
- Level 3: Attack Scenarios, Attack/Defense/IR Exercises, and Instructional Labs
- Level 2: Attack/Defense/IR Exercises and Instructional Labs
