Swarm-SecOps – Network Security Monitoring by Swarm-SecOps
We use Zeek as a network security monitor to support investigations of suspicious or malicious activity. Zeek is a passive, open-source network traffic analyzer that produces an extensive set of logs describing network activity. These logs include not only a comprehensive record of every connection seen on the wire, but also application-layer transcripts: every HTTP session with its requested URIs, key headers, MIME types, and server responses; DNS requests with their replies; SSL certificates; key content of SMTP sessions; and much more.
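As an added example (not code from Swarm-SecOps or the Zeek project), the following Python parser reads Zeek's TSV log format, honouring its `#separator`, `#fields` and `#types` headers, and runs over a constructed, abbreviated `http.log` to tally the MIME types served and list which requests returned a Windows executable; the sample rows and the `summarize_http` triage function are assumptions for illustration.

```python
from collections import Counter

# Constructed, abbreviated http.log (a real Zeek http.log carries more columns).
SAMPLE_HTTP_LOG = """#separator \\x09
#set_separator\t,
#empty_field\t(empty)
#unset_field\t-
#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tmethod\thost\turi\tstatus_code\tresp_mime_types
#types\ttime\tstring\taddr\tport\taddr\tport\tstring\tstring\tstring\tcount\tset[string]
1672531200.123\tCabc1\t10.0.0.5\t51000\t203.0.113.10\t80\tGET\texample.test\t/index.html\t200\ttext/html
1672531201.456\tCabc2\t10.0.0.5\t51001\t203.0.113.10\t80\tGET\texample.test\t/update.exe\t200\tapplication/x-dosexec
1672531202.789\tCabc3\t10.0.0.7\t51002\t203.0.113.20\t8080\tPOST\t-\t/upload\t-\t(empty)
"""

def _convert(value, ztype, unset, empty, set_sep):
    # Map one raw column to a Python value according to its #types entry.
    if value == unset:
        return None
    if ztype.startswith(("set[", "vector[")):
        return [] if value == empty else value.split(set_sep)
    if ztype in ("count", "int", "port"):
        return int(value)
    return float(value) if ztype in ("time", "interval", "double") else value

def parse_zeek_log(text):  # honours #separator/#fields/#types headers
    sep, unset, empty, set_sep = "\t", "-", "(empty)", ","
    fields, types, rows = [], [], []
    for line in filter(None, text.splitlines()):
        if line.startswith("#separator "):  # '#separator \x09' -> a real tab
            sep = line.split(" ", 1)[1].encode().decode("unicode_escape")
        elif line.startswith("#"):          # remaining headers use that separator
            key, _, val = line[1:].partition(sep)
            if key == "unset_field": unset = val
            elif key == "empty_field": empty = val
            elif key == "set_separator": set_sep = val
            elif key == "fields": fields = val.split(sep)
            elif key == "types": types = val.split(sep)
        else:
            rows.append({f: _convert(v, t, unset, empty, set_sep)
                         for f, v, t in zip(fields, line.split(sep), types)})
    return rows

def summarize_http(rows):  # tally served MIME types; list Windows executables
    mime, executables = Counter(), []
    for r in rows:
        served = r.get("resp_mime_types") or []
        mime.update(served)
        if "application/x-dosexec" in served:
            executables.append((r["uid"], r["host"], r["uri"]))
    return mime, executables
```

The same parser works unchanged on conn.log, dns.log or ssl.log, since every Zeek TSV log declares its own columns and types in the header.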