zeek_redefs: (WIP) Common 'redef'initions for Zeek when processing PCAPs
In hrbrmstr/zeekr: Tools to Make Analyses Using Zeek Easier
Description
Zeek is great out-of-the-box, but you may need to tweak behavior
every now and then to perform analyses on the Zeek logs.
Details
-
redef Log::default_scope_sep = "_" will turn dots (".") in column
names to underscores ("_"). This will make many "big data" environments
much more pleasant to deal with.
-
redef FileExtraction::path = "/some/where/else" will reconfigure where
Zeek's output files go.
-
redef FTP::default_capture_password = T will turn off Zeek's default
masking of FTP passwords.
-
redef HTTP::default_capture_password=T will turn off Zeek's default
state of not capturing HTTP passwords.
-
redef Intel::read_files += { "/opt/zeek_file_badlist.txt" } will load in
custom IoCs (see the Intelligence Framework)
for more info.
hrbrmstr/zeekr documentation built on Dec. 20, 2021, 4:49 p.m.
R Package Documentation
Browse R Packages
We want your feedback!
Note that we can't provide technical support on individual packages. You should contact the package authors for that.
Description
Zeek is great out-of-the-box, but you may need to tweak behavior every now and then to perform analyses on the Zeek logs.
Details
-
redef Log::default_scope_sep = "_"will turn dots (".") in column names to underscores ("_"). This will make many "big data" environments much more pleasant to deal with. -
redef FileExtraction::path = "/some/where/else"will reconfigure where Zeek's output files go. -
redef FTP::default_capture_password = Twill turn off Zeek's default masking of FTP passwords. -
redef HTTP::default_capture_password=Twill turn off Zeek's default state of not capturing HTTP passwords. -
redef Intel::read_files += { "/opt/zeek_file_badlist.txt" }will load in custom IoCs (see the Intelligence Framework) for more info.
R Package Documentation
Browse R Packages
We want your feedback!
Note that we can't provide technical support on individual packages. You should contact the package authors for that.
Embedding an R snippet on your website
Add the following code to your website.
For more information on customizing the embed code, read Embedding Snippets.