Browsing tag

IDS

Zeek – A Powerful Network Analysis Framework

A powerful framework for network traffic analysis and security monitoring. Key Features: In-depth Analysis: Zeek ships with analyzers for many protocols, enabling high-level semantic analysis at the application layer. Adaptable and Flexible: Zeek’s domain-specific scripting language enables site-specific […]

Intrusion Detection System (IDS) and Its Detailed Working Function – SOC/SIEM

Detection Methods: An IDS can only detect an attack. It cannot prevent attacks. In contrast, an IPS prevents attacks by detecting them and stopping them before they reach the target. An attack is an attempt to compromise confidentiality, integrity, or availability. The two primary methods of detection are signature-based and anomaly-based. Any type of IDS (HIDS […]

Sigma – Generic Signature Format for SIEM Systems

Sigma is a generic and open signature format that allows you to describe relevant log events in a straightforward manner. The rule format is very flexible, easy to write and applicable to any type of log file. The main purpose of this project is to provide a structured form in which researchers or analysts […]

Security Onion – Network Security Monitoring

Network Security Monitoring (NSM) is, put simply, monitoring your network for security-related events. It might be proactive, when used to identify vulnerabilities or expiring SSL certificates, or it might be reactive, such as in incident response and network forensics. Whether you’re tracking an adversary or trying to keep malware at bay, NSM provides context, […]

How to detect SQL Injection attacks

SQL Injection (SQLi) attacks have been around for over a decade. You might wonder why they are still so prevalent. The main reason is that they still work on quite a few web application targets. In fact, according to Veracode’s 2014 State of Security Software Report, SQL injection vulnerabilities still plague 32% of all […]