Detecting EternalBlue Attacks using Zeek or Bro
SCENARIO INFORMATION
DESCRIPTION:
This scenario serves as a guide on how to:
Detect EternalBlue attacks using Zeek or Bro.
OBJECTIVES AND OUTCOME:
After completing this scenario, you will be able to:
Configure Zeek to detect possible EternalBlue attacks.
PRE-REQUISITES:
In order to get the full benefit from this scenario, it is suggested that you have competencies in the following areas:
– Basic Linux administration.
– Configuration of Zeek.
– Configuration of ELK stack.
RECOMMENDED READING:
It is suggested that you consult these recommended reading resources and pre-existing scenarios:
– Configuring Zeek/BRO IDS
– Integrating Zeek/Bro IDS with ELK Stack
AUTHOR
This scenario was created by Sathish Govindharajan.