This scenario serves as a guide on how to:
Detect EternalBlue attacks using Zeek or Bro.
OBJECTIVES AND OUTCOME:
After completing this scenario, you will be able to:
Configure Zeek to detect possible EternalBlue attacks.
In order to get the full benefit from this scenario, it is suggested that you have competencies in the following areas:
– Basic Linux administration.
– Configuration of Zeek.
– Configuration of ELK stack.
It is suggested that you consult with these recommended reading resources and pre-existing scenarios:
– Configuring Zeek/BRO IDS
– Integrating Zeek/Bro IDS with ELK Stack
This scenario was created by Sathish Govindharajan.