Prerequisites

To follow this course, installing recent versions of Zeek and Spicy is required (at least zeek-6.0 and spicy-1.8). The Zeek documentation shows the different ways Zeek can be installed.

In addition we require:

a text editor to write Spicy code
a C++ compiler to compile Spicy code and Zeek plugins
CMake for developing Zeek plugins with Spicy
development headers for libpcap to compile Zeek plugins

Docker images

The Zeek project provides Docker images.

A simplified approach for experimentation is to use the Zeek playground repository which offers an environment integrated with Visual Studio Code. Either clone the project and open it locally in Visual Studio Code and install the recommended plugins, or open it directly in a Github Codespace from the Github repository view.

A note on exercise hints and solutions

We include hints or solutions for many exercises. By default they are displayed, but in collapsed form.

Example

Hint

A hint

Solution

A solution

If you would prefer even less temptation they can be toggled completely by pressing F10 (try it now).

Introduction to Spicy

Prerequisites

Docker images

Zeek playground

A note on exercise hints and solutions