Is zeek the best tool to analyze pcaps in my SOC? #10773

iqworks · 2023-07-15T15:13:12Z

iqworks
Jul 15, 2023

I am trying to analyze my wireshark pcaps in security onion with kibana and hunt. I have found links and videos. I see some mentions of zeek. I am trying to put this into perspective.

Thanks for any help or advice

Answered by iqworks

Jul 17, 2023

I found this link - https://github.com/Security-Onion-Solutions/securityonion/discussions/5830
and saw this
"If you chose Suricata instead of Zeek for metadata, then there is no reason for Zeek to run. "
Thanks Doug

View full answer

iqworks · 2023-07-17T15:10:08Z

iqworks
Jul 17, 2023
Author

I found this link - https://github.com/Security-Onion-Solutions/securityonion/discussions/5830
and saw this
"If you chose Suricata instead of Zeek for metadata, then there is no reason for Zeek to run. "
Thanks Doug

0 replies

iqworks · 2023-07-17T15:12:06Z

iqworks
Jul 17, 2023
Author

I found this link - https://github.com/Security-Onion-Solutions/securityonion/discussions/5830
and saw this
"If you chose Suricata instead of Zeek for metadata, then there is no reason for Zeek to run. "
Thanks Doug

0 replies

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Is zeek the best tool to analyze pcaps in my SOC? #10773

Uh oh!

{{title}}

Uh oh!

Replies: 2 comments

Uh oh!

{{title}}

Uh oh!

Uh oh!

{{title}}

Uh oh!

Select a reply

Uh oh!

Is zeek the best tool to analyze pcaps in my SOC? #10773

Uh oh!

iqworks Jul 15, 2023

Replies: 2 comments

Uh oh!

iqworks Jul 17, 2023 Author

Uh oh!

iqworks Jul 17, 2023 Author

iqworks
Jul 15, 2023

iqworks
Jul 17, 2023
Author

iqworks
Jul 17, 2023
Author