zeekjs-notice-slack

https://github.com/pgaulon/zeekjs-notice-slack
2 2 0 0 Last Push 8/1/23, 2:05 PM

zeekjs-notice-slack

Add Zeek Notice via Slack webhooks using ZeekJS

Usage

Installation

Using zkg

zkg install zeekjs-notice-slack

Configuration

vagrant@ubuntu-kinetic:~$ tail -n8 /opt/zeek/share/zeek/site/local.zeek
@load ./zeekjs-notice-slack
redef Notice::slack_webhook_url = "https://hooks.slack.com/services/T00000000/B00000000/XXXXXXXXXXXXXXXXXXXXXXXX";
redef Notice::slack_emoji = ":eyes:";
redef Notice::slack_username = "Zeek";
hook Notice::policy(n: Notice::Info)
{
    add n$actions[Notice::ACTION_SLACK];
}

Testing

System preparation

$ git clone https://github.com/pgaulon/zeekjs-notice-slack
$ cd zeekjs-notice-slack
$ sudo /opt/zeek/bin/zkg install .

Pcap preparation

Using HTTP SQLi to generate notices via the detect-sql.zeek policy

# shell 1
$ sudo tcpdump -s0 -w /tmp/sqli.pcap -i any "port 4444"

# shell 2
python3 -m http.server 4444

# shell 3
sqlmap --url "http://127.0.0.1:4444/?aaa=1" -p aaa

Test

Sending Slack messages

$ /opt/zeek/bin/zeek -C -r /tmp/sqli.pcap /opt/zeek/share/zeek/site/local.zeek

Package Version :

Description :

Package extending the Notice Framework to include to send Notices via Slack webhooks.

Tags :

zeekjs, slack, webhook, plugin, notices

Description :

Package extending the Notice Framework to include to send Notices via Slack webhooks.

Tags :

zeekjs, slack, webhook, plugin, notices

Description :

Package extending the Notice Framework to include to send Notices via Slack webhooks.

Tags :

zeekjs, slack, webhook, zeek plugin, notices

Description :

Package extending the Notice Framework to include to send Notices via Slack webhooks.

Tags :

zeekjs, slack, webhook, zeek plugin, notices

Description :

Package extending the Notice Framework to include to send Notices via Slack webhooks.

Tags :

zeekjs, slack, webhook, zeek plugin, notices