top of page

What I Found In A Zeek Dataset (And How I Found It)

Started with a raw Zeek log β€” no SIEM, no alerts. Uncovered a Mirai botnet within hours. Found primary attacker via ICMP pings and 500K+ failed Telnet/SSH scans Traced spread across four subnets Confirmed second infected host and AWS C2 server Result: Complete threat profile from raw data alone.

Let's learn this together. Have a question, a better query, or just want to say hi? Drop a line below.

© 2026 by DataSec Chronicles. Data-Inspired, Instinct-Driven.    Privacy Policy    Terms & Conditions

bottom of page