Ubuntu 22 Server

sftp splunk file

APPs
- cyberchef
- pcap analyzer
- splunk stream
- Network Diagram Viz

DATA
- BotsV1
- BotsV2
- BotsV3

2 cables span
- Zeek https://medium.com/@cybertoolguardian/zeek-installation-in-ubuntu-60835ee3e42c
  REMEMBER TO TURN PORTS ON. ENS192 STARTED DOWN. You'll get a "zeek started and immediately stopped" message if it's down.
  ip link set ensXXXX up
- Suricata https://docs.suricata.io/en/latest/quickstart.html

REPORTS
- Add all sigma rules https://github.com/SigmaHQ/sigma/tree/master/rules/windows/
- Add all mitre rules

Remote Windows host
https://www.activecountermeasures.com/building-and-running-zeek-on-windows-server-2022/
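A pre-flight check for the span interfaces noted above, written as an added example (not part of the original notes): it reads `ip -br link` output and separates an interface that is administratively down (fixed by `ip link set ... up`) from one that is up but has no carrier (cable or span port problem). The interface names other than ens192, the MAC addresses and the function name `check_capture_ifaces` are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: classify sensor capture interfaces before starting Zeek/Suricata.

# Constructed sample of `ip -br link show` output (names other than ens192 and
# all MAC addresses are made up for the example).
SAMPLE_LINKS='lo               UNKNOWN        00:00:00:00:00:00 <LOOPBACK,UP,LOWER_UP>
ens160           UP             00:0c:29:00:00:01 <BROADCAST,MULTICAST,UP,LOWER_UP>
ens192           DOWN           00:0c:29:00:00:02 <BROADCAST,MULTICAST>
ens224           DOWN           00:0c:29:00:00:03 <NO-CARRIER,BROADCAST,MULTICAST,UP>'

# check_capture_ifaces IFACE...   (reads `ip -br link` text on stdin)
# Prints "<iface> <status>" for each interface; returns 1 if any is not ready.
check_capture_ifaces() {
    links=$(cat)
    rc=0
    for ifc in "$@"; do
        # Match on the first column; strip any "@parent" suffix (VLAN/veth names).
        line=$(printf '%s\n' "$links" |
            awk -v i="$ifc" '{ n = $1; sub(/@.*/, "", n); if (n == i) print }')
        if [ -z "$line" ]; then
            echo "$ifc missing"; rc=1; continue
        fi
        # Pull the flag list out of <...> and wrap it in commas for exact matching.
        flags=${line##*<}
        flags=",${flags%%>*},"
        case $flags in
            *,UP,*) ;;                                   # administratively up
            *) echo "$ifc admin-down"; rc=1; continue ;; # needs: ip link set <if> up
        esac
        case $flags in
            *,LOWER_UP,*) echo "$ifc ready" ;;
            *) echo "$ifc no-carrier"; rc=1 ;;           # check cable / span port
        esac
    done
    return $rc
}

# Demo on the constructed sample; on a live sensor use:
#   ip -br link show | check_capture_ifaces ens192
printf '%s\n' "$SAMPLE_LINKS" | check_capture_ifaces ens160 ens192 ens224 || true
```
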