Are you working with IDS in your ICS network? This guide walks you through setting up Zeek IDS inside Labshock, a safe space to monitor traffic, detect issues, and understand your ICS setup without the need for hardware or complex setups.
You Should Know:
1. Install Zeek on Linux:
sudo apt-get update
sudo apt-get install zeek
2. Start Zeek:
zeekctl deploy
3. Monitor Traffic:
zeek -i <interface> local
4. View Logs:
cat conn.log
5. Stop Zeek:
zeekctl stop
6. Check Zeek Status:
zeekctl status
7. Update Zeek Scripts:
zeekctl check
zeekctl install
8. Analyze Traffic with Zeek:
zeek -C -r <pcap_file>
9. Custom Zeek Script:
@load policy/tuning/json-logs

# Add a second filter on the conn stream that writes records to conn_json.log
event zeek_init()
    {
    Log::add_filter(Conn::LOG, [$name="conn-json", $path="conn_json"]);
    }
10. Join OT SIEM Discord for Support:
11. Explore Labshock on GitHub:
12. OT SIEM Leveling Guide 1-60:
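Steps 4 and 9 above leave you with conn.log records either in Zeek's default tab-separated form or, after loading the json-logs policy, as JSON lines. The Python below is an added example (not from the original post or the Labshock project) that parses both forms, treats Zeek's `-` unset marker as a missing value, and reports client/server/service triples that are absent from an allowlist of expected ICS conversations; the sample records, addresses and allowlist are constructed for illustration.

```python
import json
from collections import Counter

# Constructed sample of Zeek's tab-separated conn.log ('-' marks an unset field).
CONN_TSV = """#separator \\x09
#unset_field\t-
#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto\tservice\tconn_state
#types\ttime\tstring\taddr\tport\taddr\tport\tenum\tstring\tstring
1704067200.100000\tCabc1\t192.0.2.10\t50123\t192.0.2.20\t502\ttcp\tmodbus\tSF
1704067201.200000\tCabc2\t192.0.2.10\t50124\t192.0.2.30\t22\ttcp\t-\tS0
#close\t2024-01-01-00-00-10
"""

# Constructed sample of the same stream written by the json-logs filter.
CONN_JSON = """{"ts":1704067202.3,"uid":"Cabc3","id.orig_h":"192.0.2.40","id.orig_p":40000,"id.resp_h":"192.0.2.20","id.resp_p":502,"proto":"tcp","service":"modbus","conn_state":"SF"}
"""

# Constructed allowlist of expected (client, server, port/proto) conversations.
ALLOWED = {("192.0.2.10", "192.0.2.20", "502/tcp")}


def parse_conn_log(text):
    """Yield one dict per record from a Zeek conn.log in TSV or JSON form."""
    fields = None
    for line in text.splitlines():
        if not line.strip():
            continue
        if line.startswith("{"):                 # JSON line (json-logs policy)
            yield json.loads(line)
            continue
        if line.startswith("#"):                 # TSV metadata line
            if line.startswith("#fields\t"):
                fields = line.split("\t")[1:]    # column names for the records
            continue
        if fields is None:
            raise ValueError("TSV record appeared before the #fields header")
        values = [None if v == "-" else v for v in line.split("\t")]
        yield dict(zip(fields, values))


def unexpected_flows(records, allowed):
    """Count client/server/service triples that are not in the allowlist."""
    seen = Counter()
    for r in records:
        # Ports are strings in TSV and integers in JSON; str() normalises both.
        key = (r["id.orig_h"], r["id.resp_h"], f'{r["id.resp_p"]}/{r["proto"]}')
        if key not in allowed:
            seen[key] += 1
    return seen
```

Pointing `parse_conn_log` at the contents of a real conn.log from your Labshock capture and growing the allowlist from a known-good period gives a simple baseline check for new talkers on the ICS network.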
What Undercode Say:
Zeek is a powerful tool for network monitoring and intrusion detection, especially in ICS environments. By using Labshock, you can safely experiment and learn without risking your operational network. The commands provided will help you get started with Zeek, monitor traffic, and analyze logs effectively. For further learning, explore the GitHub repository and join the OT SIEM Discord community. Always ensure your scripts and configurations are up-to-date to maintain optimal security.
References:
Reported By: Zakharb Practical – Hackers Feeds