Fun fact: Micro SD cards go bad occasionally.😳🤦‍♂️

Now rebuilding Zeek. At least I can remote in (best to be rebuilt from console).
#Zeek #InfoSec

I'm looking for #OSSec guidance, I remember when #tripwire was suggested for detecting #rootkits, but there's so many options, with #Zeek and #Maltrail. #HIDS #IntrusionDetection

I thought OSSEC with the GUI looked nice, especially if there was a central monitoring server that agents could report to. Zeek looks more like that but looks like it may have to sit at the router, which is annoying, and doesn't detect rootkits at all. My end goal is preventing SIP phone fraud.

https://linuxsecurity.expert/tools/samhain/alternatives/

ICYMI check out my BACNet basics with @zeek How-To video:

https://www.youtube.com/watch?v=C1y6UY_ithk

#bacnet #zeek #ics

We updated the @zeek IPSec protocol analyzer this morning:

https://drkeithjones.com/index.php/2023/03/15/zeek-spicy-ipsec-protocol-analyzer-update-v0-2-17/

#opensource #cybersecurity #zeek

@keithjjones @zeek don’t forget the #zeek!

@ckreibich pretty cool to hear that #Microsoft is incorporating #Zeek into Defender and open sourcing the work.

Check out this new story by #ICSIatBerkeley about #Zeek history: https://www.icsi.berkeley.edu/icsi/news/2023/03/zeek-impact-story

Malcolm v23.03.0 is a release with enhancements, component version updates and bug fixes.

Malcolm is a powerful, easily deployable (via Docker) network traffic analysis tool suite for full packet capture artifacts (PCAP files), Zeek logs and Suricata alerts.

• Enhancements

  • Replace Zeek's misc/scan.zeek with ncsa/bro-simple-scan
  • terminate start and restart scripts once Malcolm has started properly (cisagov/Malcolm#240 and cisagov/Malcolm#241, thanks @Njinx)
  • minor usability improvements for ISO-installed Malcolm and Hedgehog (idaholab/Malcolm#155)
    • Added a "Configure Malcolm" menu item (under the "Internet" GTK menu with the other Malcolm stuff) and launcher on the top panel of icons in Malcolm. This runs ./scripts/install.py --configure in full screen. May look at starting this automatically on first boot in the future. (Malcolm)
    • Added Malcolm shortcut to gtk-3.0/bookmarks so it shows up in Thunar sidebar (Malcolm)
    • Added /opt/sensor/sensor_ctl shortcut to gtk-3.0/bookmarks so it shows up in Thunar sidebar (Hedgehog)
    • Have tilix from launcher panel start in /opt/sensor/sensor_ctl (Hedgehog)
  • minor tweaks to defaults for install.py --configure (enable offline-capable file scanners by default)
  • interrupt #NetBox startup import script when netbox-restore is run
  • added NetBox restore logic to reset_and_auto_populate.sh script (used mostly for demos and presentations)

• Component version updates

  • #Arkime to v4.2.0
  • OpenSearch and OpenSearch Dashboards to 2.6.0
  • Logstash from v8.4.0 to v8.6.1
  • Beats to v8.6.2
  • Zeek to v5.0.7
  • OpenSearch-Py to v2.2.0 (and remove opensearch-dsl which is now part of opensearch-py)
  • Supercronic to v0.2.2
  • Capa to v5.0.0
  • Fluent Bit to v2.0.9
  • Version updates to various Python package dependencies

• Fixes

  • last few seconds' Zeek logs prior to log rotation may be lost (idaholab/Malcolm#151)
  • in ISO-packaged Malcolm installation scripts directory, symlink netbox-backup and netbox-restore to control.py
  • improve opensearchpy connect/health check logig in pcap_watcher.py in pcap-monitor container

#Malcolm #OpenSearch #Zeek #Arkime #Suricata #PCAP #NetworkTrafficAnalysis #CyberSecurity #Cyber #Infosec #GitHub #INL #DHS #CISA #CISAgov

Check out the latest #Zeek and Spicy video from Keith Jones -- here's his playlist: https://www.youtube.com/playlist?list=PLNEVgQAFtunt8SmBf2qjXW5AZf0wkbGip

Christian wrote a detailed post explaining what's new with #Zeek 5.2.0. Check it out here: https://community.zeek.org/t/introducing-zeek-5-2/

Drodlet litt med #Zeek for å analysere nettverkstrafikk på en kompromittert VM: https://blogg.optkontek.com/post/skynett/ #infosec #norsktut

Zeek Newsletter - Issue 26 - February 2023 - Announcements - Zeek #zeek https://community.zeek.org/t/zeek-newsletter-issue-26-february-2023/6930

The February issue of the #Zeek newsletter is available. Catch up with the project and community in this fast read. https://community.zeek.org/t/zeek-newsletter-issue-26-february-2023/

The recording of the monthly #Zeek community call for March, hosted by Fatema Bannat Wala, is now live:

https://youtu.be/yrw0lZFrWNU

The recording of the monthly #Zeek community call for February, hosted by Fatema Bannat Wala, is now live:

https://youtu.be/yrw0lZFrWNU

#SecurityOnion 2.3.220 now available including:

✅ #Elastic 8.6.2
✅ #Grafana 9.2.10
✅ #FleetDM 4.27.1
✅ #Zeek 5.0.7

and more!

https://blog.securityonion.net/2023/02/security-onion-23220-now-available.html

Looking for a fun #CyberSecurity project? 😀

Want to practice your #ThreatHunting 🔍 and #IncidentResponse skills?

Install #SecurityOnion🧅2.3.220 in a VM:
https://docs.securityonion.net/en/2.3/first-time-users.html

Then follow along with our recent quick #malware analysis blog posts:
https://blog.securityonion.net/search/label/quick%20malware%20analysis

You can then stand up a production deployment and sniff live traffic from a tap or span port. You'll get NIDS alerts, protocol metadata, and full packet capture!
https://docs.securityonion.net/en/2.3/network.html

Then augment that network visibility with host visibility by deploying endpoint agents:
https://docs.securityonion.net/en/2.3/host.html

Once you find something of interest in your network or endpoint logs, you can escalate to a case:
https://docs.securityonion.net/en/2.3/cases.html

Inside the case, you can identify indicators and analyze them using Analyzers:
https://docs.securityonion.net/en/2.3/cases.html#analyzers

Looking for more documentation?

It's built into our web interface for #SecurityOnion 2.3.220 but you can also find it online at:
https://securityonion.net/docs

You can also purchase a printed copy of the documentation at https://securityonion.net/book with proceeds going to Rural Technology Fund!

The printed book also includes an inspiring foreword by @taosecurity and a 20% discount code for our certification and on-demand training!

Zeek Exercises - I have just completed this room! Check it out: https://tryhackme.com/room/zeekbroexercises #tryhackme #Zeek #Bro #Traffic Analysis #Network Monitoring #Network Forensics #PCAP #Intrusion #Detection #IDS #zeekbroexercises via @RealTryHackMe

Zeek - I have just completed this room! Check it out: https://tryhackme.com/room/zeekbro #tryhackme #Zeek #Bro #Traffic Analysis #Network Monitoring #Network Forensics #PCAP #Intrusion #Detection #IDS #Threat Hunting #zeekbro via @RealTryHackMe

@misp Did this update by any chance fix #bro #zeek export? It broke in an earlier update.

If your Security Onion install is still on Ubuntu 18.04 you should upgrade soon as support ends in April. Here's a guide from #SecurityOnion on how to do so:
https://blog.securityonion.net/2023/02/ubuntu-1804-reaches-end-of-ubuntu.html

#SecurityOnion #Ubuntu1804 #Update #EoL #EndOfLife #April #Ubuntu #Zeek #BlueTeam