I completed the Zeek Exercises room on TryHackMe, which gave me hands-on practice using Zeek to analyze network traffic and investigate potential security incidents. Unlike the introductory Zeek rooms, this one focused on applying what I’d learned by answering questions and solving problems using real packet captures. I practiced parsing Zeek logs for different protocols like DNS, HTTP, and SSL, counting unique connections, spotting anomalies, and identifying unusual activity on the network.
By working through these exercises, I strengthened my ability to turn raw network data into actionable insights. I learned how to quickly extract useful information from Zeek logs, such as which hosts were communicating with which domains, and how to spot suspicious patterns that could indicate a threat. This room really helped me understand the practical workflow of a network analyst and how Zeek can be used in real-world cybersecurity monitoring and investigations.