Command reference

Search the live database for syntax, tools, use cases, tags, MITRE context, and safe lab-ready command examples.

140 results
Defensive Intermediate Free

Review high priority Suricata signatures.

jq 'select(.event_type=="alert" and .alert.severity<=2) | .alert.signature' eve.json
suricata detection-engineering expanded-library
Suricata / Detection Engineering
Defensive Intermediate Free

Validate the main Suricata configuration.

suricata -T -c suricata.yaml
suricata detection-engineering expanded-library
Suricata / Detection Engineering
Defensive Advanced Premium

Process a packet capture with Zeek local policy.

zeek -r sample.pcap local
zeek network-monitoring expanded-library
Zeek / Network Monitoring
Defensive Advanced Premium

Summarize network services from Zeek connection logs.

zeek-cut id.orig_h id.resp_h service < conn.log | sort | uniq -c
zeek network-monitoring expanded-library
Zeek / Network Monitoring
Defensive Advanced Premium

Inspect DNS queries and answers.

zeek-cut query answers < dns.log | head
zeek network-monitoring expanded-library
Zeek / Network Monitoring
Defensive Advanced Premium

Summarize HTTP hosts, URIs, and status codes.

zeek-cut host uri status_code < http.log | sort | uniq -c
zeek network-monitoring expanded-library
Zeek / Network Monitoring
Defensive Advanced Premium

Check Zeek sensor status.

zeekctl status
zeek network-monitoring expanded-library
Zeek / Network Monitoring
Defensive Advanced Premium

Deploy Zeek configuration updates.

zeekctl deploy
zeek network-monitoring expanded-library
Zeek / Network Monitoring
Defensive Advanced Premium

Review TLS session endpoints.

zeek-cut uid id.orig_h id.resp_h < ssl.log
zeek network-monitoring expanded-library
Zeek / Network Monitoring
Defensive Advanced Premium

Inspect observed transferred files.

zeek-cut fuid filename mime_type < files.log
zeek network-monitoring expanded-library
Zeek / Network Monitoring
Defensive Advanced Premium

Run a custom Zeek script against a capture.

zeek -Cr traffic.pcap scripts/detect-suspicious-dns.zeek
zeek network-monitoring expanded-library
Zeek / Network Monitoring
Defensive Advanced Premium

Review Zeek notices and messages.

zeek-cut note msg sub < notice.log
zeek network-monitoring expanded-library
Zeek / Network Monitoring