Zeek - Repository for packages
Zeek is a very good tool for analyzing network flows, and one of its great strengths, in my opinion, is how easily it can be adapted to your environment.
All this is done through the use of a scripting language. A good place to start learning it is https://docs.zeek.org/en/master/scripting/index.html
However, in addition to the people from Corelight, there is a whole community established around the tool. Thanks to all these people, a plethora of scripts is already available. The place to start is https://packages.zeek.org/, but we’ll talk about that very soon.
Regards.