What protocols can Zeer analyze with this skill?

This skill provides configuration for dozens of protocols including HTTP, DNS, TLS, SSH, SMTP, FTP, and more, as well as file analysis and extraction.

Does this skill help with SIEM integration?

Absolutely. It covers configuring Zeek for JSON output and provides Filebeat configurations for ingestion into platforms like the ELK Stack.

Can I create my own detection logic?

Yes, the skill provides templates and examples for writing custom Zeek scripts to detect specific threats like DNS tunneling or C2 beaconing.

What is the primary advantage of using Zeek over traditional IDS?

Zeek provides high-fidelity, structured metadata logs for every connection, allowing for behavioral analysis and forensic investigation rather than just simple signature-based alerts.

Can I use this skill to process existing PCAP files?

Yes, the skill includes workflows for both live network capture and offline analysis of saved PCAP files for retrospective investigation.

Network Traffic Analysis with Zeek

Name: Network Traffic Analysis with Zeek
Author: mukul975

bymukul975

•

4,121

•

セキュリティとテスト

Deploys and configures Zeek for high-fidelity network security monitoring, metadata extraction, and automated threat detection.

This skill empowers security engineers and developers to transform raw network traffic into structured, actionable intelligence using Zeek. It provides a complete framework for deploying Zeek clusters, managing high-fidelity protocol logs (HTTP, DNS, TLS, SSH), and implementing custom behavioral detection scripts. By leveraging Zeek's passive monitoring capabilities, users can conduct deep forensic investigations, identify protocol anomalies, and integrate rich network telemetry directly into SIEM platforms like ELK or Splunk for enterprise-wide visibility.

主な機能

01Intel Framework integration for automated threat feed ingestion

024,121 GitHub stars

03SIEM-ready JSON log output and Filebeat configuration

04High-fidelity protocol logging for DNS, HTTP, and TLS

05Zeek cluster deployment and node configuration

06Custom script development for C2 beaconing and DNS tunneling detection

ユースケース

01Automating the detection of suspicious network behaviors like C2 beaconing

02Conducting post-incident forensic analysis using PCAP files

03Auditing organization-wide TLS certificate health and security protocols

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add mukul975/anthropic-cybersecurity-skills performing-network-traffic-analysis-with-zeek

For use in Claude.ai and ChatGPT

主な機能

01Intel Framework integration for automated threat feed ingestion

024,121 GitHub stars

03SIEM-ready JSON log output and Filebeat configuration

04High-fidelity protocol logging for DNS, HTTP, and TLS

05Zeek cluster deployment and node configuration

06Custom script development for C2 beaconing and DNS tunneling detection

ユースケース

01Automating the detection of suspicious network behaviors like C2 beaconing

02Conducting post-incident forensic analysis using PCAP files

03Auditing organization-wide TLS certificate health and security protocols

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add mukul975/anthropic-cybersecurity-skills performing-network-traffic-analysis-with-zeek

For use in Claude.ai and ChatGPT