Using Bro and TimeMachine for Incident Response

Note: Our current website is at www.zeek.org. This website is unmaintained and contains outdated information.

Abstract

The Bro integration in TimeMachine lets you automatically trigger historical packet dumps for compromised machines. This enables you to not only see exactly what a compromised machine is doing, but how it was initially compromised.

Quick Links

Upcoming Events

13 February 2020: Ask the Zeeksperts - Aashish Sharma
18 February 2020 - Portland OR: Zeek Days Workshops
27 February 2020: Ask the Zeeksperts
7-9 October 2020 - Austin, Texas: ZeekWeek 2020

All Events

Zeek YouTube channel

Try Zeek in your browser

Internal Pages

TOP

Page Contents

Quick Links

Twitter @zeekurity

Blog

Search

Resources

Partners

About

Major Supporters