F0rm4t · @F0rm4t
8 followers · 12 posts · Server infosec.exchange

Supercharging Defender for Endpoint with Zeek

The integration of Zeek into Microsoft Defender for Endpoint provides new levels of network analysis capabilities based on deep inspection of network traffic.
can now monitor inbound and outbound traffic with a novel engine that is capable of:
- Session Awareness
- Dynamic Protocol Detection
- Dynamic Scripting Content

techcommunity.microsoft.com/t5

#zeek #Corelight #microsoft #defender #microsoft365defender #xdr #edr #azure #windows #linux #network #udp #tcp #networkispection #networkbaseddetections #hunting

Last updated 3 years ago

Marko Jahnke · @markojahnke
66 followers · 227 posts · Server bonn.social

(some of you might still know it as ) is a multipurpose network traffic processor that is now a part of Windows.

After being created by network security legend , it has been further developed by the guys at in Berkeley, CA.

Some of them (including members of the German exclave at ICSI) started the spin-off company Inc. that built commercial products around it.

corelight.com/company/zeek-now

#zeek #bro #opensource #microsoft #VernPaxson #icsi #Corelight #ids #infosec #cybersecurity

Last updated 3 years ago