Project management for open port analysis and attack detection using Zeek
Date
DOI
Academic degree
Dissertation level
Specialty code and name
Defense council
Defense institution
Scientific supervisor/consultant
Committee members
Journal title
ISSN number
Volume title
Publisher
Abstract
A Zeek-based project for open port analysis and attack detection is presented. The methodology combines the Waterfall model with short MVP cycles and formal metrics. Zeek logs (conn, dns, notice) are correlated by UID, providing traceability and forensic reconstruction. The project's novelty lies in integrating MVP cycles into the Waterfall model, with metric-based thresholds and replicated telemetry. We note that Zeek's extensive logging and built-in detection mechanisms make it a powerful network monitoring tool. We recommend that practitioners integrate Zeek with centralized log analysis systems (ELK/SIEM) for event correlation and automated alerts. Even a minimal Zeek configuration has been shown to reliably detect open port scans. These results highlight the value of structured project management for the rapid and predictable development of cybersecurity solutions. The prototype achieved F1 = 0.78 and MTTD ≈ 3 min, confirming measurable improvement within a hybrid Waterfall–MVP framework.
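The abstract describes correlating Zeek's conn, dns and notice logs by UID to reconstruct what happened around a detection. The script below is an added example, not code from the paper or from the Zeek project: it parses a few constructed records in Zeek's JSON log format, joins them on the `uid` field that Zeek writes into each of these logs, produces a per-connection timeline, and runs a simple conn-level cross-check for failed-connection fan-out (the `S0`/`REJ` connection states) that an analyst can compare against Zeek's own `Scan::Port_Scan` notice. The sample IPs, UIDs, timestamps and the fan-out threshold are constructed for the example.

```python
"""Correlate Zeek conn/dns/notice records by UID (added example, constructed data)."""
import json
from collections import defaultdict

# Constructed sample records, one JSON object per line as Zeek's JSON writer emits them.
CONN_LOG = """\
{"ts":1700000000.1,"uid":"CAbC1d2eF3gH4iJ5k","id.orig_h":"10.0.0.5","id.orig_p":51234,"id.resp_h":"10.0.0.9","id.resp_p":22,"proto":"tcp","conn_state":"S0"}
{"ts":1700000000.2,"uid":"CXyZ9w8vU7tS6rQ5p","id.orig_h":"10.0.0.5","id.orig_p":51235,"id.resp_h":"10.0.0.9","id.resp_p":23,"proto":"tcp","conn_state":"REJ"}
{"ts":1700000000.3,"uid":"CDeF1g2hI3jK4lM5n","id.orig_h":"10.0.0.5","id.orig_p":51236,"id.resp_h":"10.0.0.9","id.resp_p":25,"proto":"tcp","conn_state":"S0"}
{"ts":1700000000.4,"uid":"CGhI6j7kL8mN9oP0q","id.orig_h":"10.0.0.5","id.orig_p":51237,"id.resp_h":"10.0.0.9","id.resp_p":443,"proto":"tcp","conn_state":"S0"}
{"ts":1700000001.0,"uid":"CLmN0oP1qR2sT3uV4w","id.orig_h":"10.0.0.7","id.orig_p":40000,"id.resp_h":"10.0.0.53","id.resp_p":53,"proto":"udp","conn_state":"SF"}
{"ts":1700000001.5,"uid":"CQrS5t6uV7wX8yZ9a","id.orig_h":"10.0.0.7","id.orig_p":40001,"id.resp_h":"10.0.0.9","id.resp_p":80,"proto":"tcp","conn_state":"SF"}
"""
DNS_LOG = """\
{"ts":1700000001.0,"uid":"CLmN0oP1qR2sT3uV4w","id.orig_h":"10.0.0.7","id.orig_p":40000,"id.resp_h":"10.0.0.53","id.resp_p":53,"proto":"udp","query":"example.test","qtype_name":"A","rcode_name":"NOERROR"}
"""
NOTICE_LOG = """\
{"ts":1700000000.1,"uid":"CAbC1d2eF3gH4iJ5k","id.orig_h":"10.0.0.5","id.orig_p":51234,"id.resp_h":"10.0.0.9","id.resp_p":22,"note":"Scan::Port_Scan","msg":"10.0.0.5 scanned at least 15 unique ports of host 10.0.0.9 in 0m0s","src":"10.0.0.5","dst":"10.0.0.9"}
"""

FAILED_STATES = {"S0", "REJ"}  # no SYN-ACK seen / connection rejected


def parse_zeek_json(text):
    """Parse newline-delimited JSON log text into a list of dicts, skipping blank lines."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def correlate_by_uid(conn_records, dns_records, notice_records):
    """Join the three logs on Zeek's per-connection uid; conn is 1:1, dns/notice may be 1:N."""
    by_uid = defaultdict(lambda: {"conn": None, "dns": [], "notice": []})
    for rec in conn_records:
        by_uid[rec["uid"]]["conn"] = rec
    for rec in dns_records:
        by_uid[rec["uid"]]["dns"].append(rec)
    for rec in notice_records:
        by_uid[rec["uid"]]["notice"].append(rec)
    return dict(by_uid)


def timeline(by_uid, uid):
    """Return (ts, source, summary) tuples for one uid, ordered by time for forensic replay."""
    bundle = by_uid.get(uid)
    if bundle is None:
        return []
    events = []
    c = bundle["conn"]
    if c is not None:
        events.append((c["ts"], "conn",
                       f'{c["id.orig_h"]}:{c["id.orig_p"]} -> {c["id.resp_h"]}:{c["id.resp_p"]}'
                       f'/{c["proto"]} state={c["conn_state"]}'))
    for d in bundle["dns"]:
        events.append((d["ts"], "dns", f'query={d["query"]} {d["qtype_name"]} rcode={d["rcode_name"]}'))
    for n in bundle["notice"]:
        events.append((n["ts"], "notice", f'{n["note"]}: {n["msg"]}'))
    events.sort(key=lambda e: (e[0], e[1]))
    return events


def uids_with_notices(by_uid):
    """UIDs that carry at least one notice: the natural starting points for triage."""
    return sorted(uid for uid, b in by_uid.items() if b["notice"])


def scan_suspects(conn_records, threshold):
    """Conn-level cross-check: sources whose failed connections touch >= threshold distinct ports."""
    failed_ports = defaultdict(set)
    for rec in conn_records:
        if rec["conn_state"] in FAILED_STATES:
            failed_ports[rec["id.orig_h"]].add(rec["id.resp_p"])
    return {host: sorted(ports) for host, ports in failed_ports.items() if len(ports) >= threshold}


def build():
    """Parse the embedded sample logs and return the uid-keyed correlation table."""
    return correlate_by_uid(parse_zeek_json(CONN_LOG), parse_zeek_json(DNS_LOG),
                            parse_zeek_json(NOTICE_LOG))


if __name__ == "__main__":
    table = build()
    for uid in uids_with_notices(table):
        for ts, source, summary in timeline(table, uid):
            print(f"{ts:.1f} {uid} {source:6} {summary}")
    print("fan-out suspects:", scan_suspects(parse_zeek_json(CONN_LOG), threshold=3))
```

The join key is what makes the reconstruction cheap: because Zeek stamps the same `uid` on every log line derived from one connection, no IP/port/time heuristics are needed to tie a notice back to its conn and dns context. The fan-out threshold of 3 is deliberately low for the constructed data; in practice it is one of the metric-based thresholds the abstract refers to and should be tuned against baseline traffic.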
Description
Bibliographic description
Project Management for Open Port Analysis and Attack Detection Using Zeek / R. Lisnevskyi, M. Mirzhakup, S. Biloshchytska, M. Kostikov, V. Lisnevskyi // Cybersecurity, Infocommunication Systems and Networks 2025 (CISN 2025) : Proceedings of the Workshop on, Almaty, Kazakhstan, November 19–20, 2025. – CEUR, 2025. – Vol. 4180.
