
Zeek Agent
#Operations Management #Endpoint Security
Zeek Agent: An Endpoint Monitoring Tool
Zeek Agent is a monitoring tool designed for endpoints running on Linux and macOS. It captures and reports events related to files, sockets, and processes to the Zeek system.
Event Data Capture from Linux and macOS Systems
Zeek Agent captures event data from the Linux audit subsystem through the audit dispatcher's Unix domain socket plugin, and from macOS through the Endpoint Security framework.
The collected events are stored in an SQL database; Zeek retrieves them later through scheduled queries.
Integration with osquery for Endpoint Information Access
Zeek Agent can also interface with osquery to retrieve endpoint information.
Pre-built packages are available on the releases page.
The Zeek Agent Framework Offers Enhanced API Access
The Zeek Agent Framework offers API access to Zeek Agents, along with default scripts that facilitate the recording of endpoint activity in Zeek logs.
