PLEASE NOTE: This course is not yet completed and is actively being worked on.
MODULE 1: Foundations
Lesson 1.1: Zeek Ecosystem Overview
- Part 1 - The Evolution of Zeek
- Part 2 - Understanding Zeek’s Philosophical Foundation
- Part 3 - Zeek in the Network Security Tool Ecosystem
- Part 4 - The Zeek Community and Ecosystem
- Part 5 - Practical Exercises
- Part 6 - Knowledge Validation
Lesson 1.2: Architecture Deep Dive
- Part 1 - The Single-Instance Processing Pipeline
- Part 2 - Cluster Architecture
- Part 3 - Memory Management and Performance Optimization
- Part 4 - Practical Exercises
- Part 5 - Knowledge Validation
Lesson 1.3: Installation + Deployment
- Part 1 - Preparing Your Installation Environment
- Part 2 - Installation Method 1: Package Manager
- Part 3 - Installation Method 2: Compiling From Source
- Part 4 - Installation Method 3: Docker Container
- Part 5 - Configuration + Initial Setup
- Part 6 - Starting Zeek and Capturing Your First Traffic
- Part 7 - Basic Operations + Management
- Part 8 - Practical Exercises
- Part 9 - Knowledge Validation
MODULE 2: Zeek Scripting Fundamentals
Lesson 2.1: Script Language Basics
Part 1 - Intro to Zeek Scripting Basics
Part 2 - Scalar Types: Single Values
- Introduction: Understanding Scalar Types in Zeek
- The count Type: Non-Negative Integers
- The int Type: Signed Integers
- The addr Type: IP Addresses
- The subnet Type: Network Ranges
- The port Type: Network Ports
- The time Type: Timestamps
- The interval Type: Time Durations
- The string Type: Text Data
- The bool Type: Boolean Values
- Scalar Types Conclusion
Part 3 - Complex Types: Structured Data
- Introduction: Complex Types
- The table Type: Key-Value Mappings
- The set Type: Unique Collections
- The record Type: Structured Composite Data
- The vector Type: Ordered Collections
- Complex Types Conclusion