You Cannot Defend What You Cannot See: Gaining Insight into Proprietary Protocols through Custom Parsers with Zeek
A vital component of any information security architecture is a network intrusion detection capability. Commercial network intrusion toolsets come preloaded with parsers to deconstruct common network traffic types into segments that can be analyzed for abnormal activity. These parsers are limited...