We currently have coverage for raw packets, pop3, and dns (in a fashion). It would be good to expand our coverage to other major protocols. I'm currently thinking at least the following:
DNS again (using the buffer splitter code in the pop3 fuzzer)
HTTP
ICMP
SMTP
On top of that, we should take a look at the coverage statistics we're getting from oss-fuzz and determine where the ga
A Zeek Network Security Monitor tutorial that will cover the basics of creating a Zeek instance on your network in addition to all of the necessary hardware and setup and finally provide some examples of how you can use the power of Zeek to have absolute control over your network.
BRO/Zeek IDS content pack contains pipeline rules, a stream, a dashboard displaying interesting activity, and a syslog tcp input to capture and index BRO/Zeek logs coming from a remote sensor.
We currently have coverage for raw packets, pop3, and dns (in a fashion). It would be good to expand our coverage to other major protocols. I'm currently thinking at least the following:
On top of that, we should take a look at the coverage statistics we're getting from oss-fuzz and determine where the ga