{"id":422,"date":"2025-07-03T02:58:28","date_gmt":"2025-07-03T02:58:28","guid":{"rendered":"https:\/\/epbrtcybersecurityportfolio.xyz\/?p=422"},"modified":"2025-07-03T02:58:28","modified_gmt":"2025-07-03T02:58:28","slug":"zeek-script-part-1","status":"publish","type":"post","link":"https:\/\/epbrtcybersecurityportfolio.xyz\/?p=422","title":{"rendered":"Zeek Script Part 1"},"content":{"rendered":"\n<p><strong>Objectives<\/strong><br>This exercise involves creating and running a very basic Zeek script.<\/p>\n\n\n\n<p><strong>Exercise 1<\/strong><br><strong>Description: In this first exercise, we will create the traditional \u201cHello, World!\u201d that is typical of a first attempt at programming in a new language.<\/strong><\/p>\n\n\n\n<p><strong>Using any editor of your choice that is installed on the VM, please create a script that will generate the string \u201cHello, World!\u201d at the console when it is executed with Zeek.<\/strong><\/p>\n\n\n\n<p>Since Zeek is a C-like language, it shares many familiar syntactic and grammatical conventions with C. A few of the similarities are:<\/p>\n\n\n\n<p>\u2022 Functions and events are defined using a type, a name, and a parameter list.<br>\u2022 Parameter lists are contained within parentheses.<br>\u2022 The types of all variables passed as parameters must be defined.<br>\u2022 The end of a statement is delimited with a semicolon <code>;<\/code>.<br>\u2022 Sections of code are all contained within curly-braces <code>{}<\/code>.<\/p>\n\n\n\n<p>The first step is to create a file to put my script into. 
I am going to name my script first.zeek.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"764\" height=\"52\" src=\"https:\/\/epbrtcybersecurityportfolio.xyz\/wp-content\/uploads\/2025\/07\/image-24.png\" alt=\"\" class=\"wp-image-425\" srcset=\"https:\/\/epbrtcybersecurityportfolio.xyz\/wp-content\/uploads\/2025\/07\/image-24.png 764w, https:\/\/epbrtcybersecurityportfolio.xyz\/wp-content\/uploads\/2025\/07\/image-24-300x20.png 300w\" sizes=\"auto, (max-width: 764px) 100vw, 764px\" \/><\/figure>\n\n\n\n<p>The next step is to determine which Zeek events will serve my needs. I want an event that will fire every time Zeek starts up.<\/p>\n\n\n\n<p>After searching through the Zeek documentation, I found an event called &#8220;zeek_init()&#8221; that seems to be the correct event. It is triggered every time Zeek starts.<\/p>\n\n\n\n<p>Regarding the module name, my SEC 503 very strongly recommended that I develop the habit of prefixing all of my scripts with the module keyword and a name (example: module MyFirstScript;).<\/p>\n\n\n\n<p>This statement defines a namespace within which all of my global variables, functions, and events exist. When I do this, other scripts can still access my global variables, functions, and events by prefixing them with the MyFirstScript:: namespace operator, and it protects me from inadvertently overwriting existing variables, events, and functions in the global namespace.<\/p>\n\n\n\n<p>With the event information, I simply need to define my event and instruct Zeek as to what it should do when the event fires. 
In my case I want Zeek to print out &#8220;Hello, world!&#8221; when Zeek runs.<\/p>\n\n\n\n<p>Putting it all together:<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"376\" height=\"145\" src=\"https:\/\/epbrtcybersecurityportfolio.xyz\/wp-content\/uploads\/2025\/07\/image-25.png\" alt=\"\" class=\"wp-image-432\" srcset=\"https:\/\/epbrtcybersecurityportfolio.xyz\/wp-content\/uploads\/2025\/07\/image-25.png 376w, https:\/\/epbrtcybersecurityportfolio.xyz\/wp-content\/uploads\/2025\/07\/image-25-300x116.png 300w\" sizes=\"auto, (max-width: 376px) 100vw, 376px\" \/><\/figure>\n\n\n\n<p>Let&#8217;s test this script and see if it runs properly:<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"531\" height=\"45\" src=\"https:\/\/epbrtcybersecurityportfolio.xyz\/wp-content\/uploads\/2025\/07\/image-26.png\" alt=\"\" class=\"wp-image-434\" srcset=\"https:\/\/epbrtcybersecurityportfolio.xyz\/wp-content\/uploads\/2025\/07\/image-26.png 531w, https:\/\/epbrtcybersecurityportfolio.xyz\/wp-content\/uploads\/2025\/07\/image-26-300x25.png 300w\" sizes=\"auto, (max-width: 531px) 100vw, 531px\" \/><\/figure>\n\n\n\n<p>It worked!!!<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Objectives: This exercise involves creating and running a very basic Zeek script. Exercise 1. Description: In this first exercise, we will create the traditional \u201cHello, World!\u201d that is typical of a first attempt at programming in a new language. 
Using any editor of your choice that is installed on the VM, please create a script that will [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-422","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"_links":{"self":[{"href":"https:\/\/epbrtcybersecurityportfolio.xyz\/index.php?rest_route=\/wp\/v2\/posts\/422","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/epbrtcybersecurityportfolio.xyz\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/epbrtcybersecurityportfolio.xyz\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/epbrtcybersecurityportfolio.xyz\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/epbrtcybersecurityportfolio.xyz\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=422"}],"version-history":[{"count":5,"href":"https:\/\/epbrtcybersecurityportfolio.xyz\/index.php?rest_route=\/wp\/v2\/posts\/422\/revisions"}],"predecessor-version":[{"id":436,"href":"https:\/\/epbrtcybersecurityportfolio.xyz\/index.php?rest_route=\/wp\/v2\/posts\/422\/revisions\/436"}],"wp:attachment":[{"href":"https:\/\/epbrtcybersecurityportfolio.xyz\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=422"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/epbrtcybersecurityportfolio.xyz\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=422"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/epbrtcybersecurityportfolio.xyz\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=422"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}