- Introduction
-
Why NTA? Why NDR? Why Zeek? Why Corelight?
-
Help as needed
- Labs
-
Intro to Labs - How to Access and Use
-
Lab URL
- Administration
-
Where does Corelight Fit Into Your Network?
-
Corelight/Zeek Log CheatSheets
-
Hardware, Virtual, and Cloud Sensors
-
Lab: Explore the Sensor
-
Diagnostic Shell
-
Lab: Explore the Diagnostic Shell
-
Monitoring the Sensor and API Introduction
-
Lab: API
-
Deploying Fleet Manager
-
Managing Fleet Manager
-
Lab: Fleet Manager
- Analyst
-
Deep Dive Into Logs - conn.log
-
Deep Dive into logs - dns.log
-
Deep Dive Into Logs - http.log
-
Deep Dive Into Logs - ssl.log / x509.log
-
Deep Dive Into Logs - files.log
-
Deep Dive Into Logs - Windows Protocols
-
Deep Dive Into Logs - Meta logs
-
Lab: Logs
-
Encrypted Traffic Collection (ETC)
-
Command and Control (C2)
-
Using Corelight Data for Incident Response
-
Lab: IR CTF
-
Using Corelight for Threat Hunting
-
Lab: Threat Hunting
- Other
-
Threat Hunting with Investigator
-
Levels of Zeek
-
Analyzer Architecture
-
Introduction to Suricata
-
Introduction to SmartPCAP
-
Intro to Zeek Scripting
-
Lab: Modifying Zeek Scripts
-
Lab: Zeek Scripting
Gold - Customer Training
Training from the Zeek experts
Training from the Zeek experts
While thousands of organizations around the world use Zeek, no one knows Zeek better than Corelight. Our founders created the open-source project and have led the effort to extend, improve and scale it over the last 25 years. Now, you can tap Corelight’s expertise to help your organization discover the powerful advantages of Zeek. Whether you’re just getting to know Zeek or you’re an expert optimizing your Corelight deployment, we can help.
This course takes incident responders, threat hunters and pen testers, who are new to Zeek and teaches them everything they need to know to start using this powerful tool. Covers the need for network monitoring, the implementation of Corelight sensors, and the value of Zeek data.