Zeek Package Manager
 

intel-extensions

https://github.com/J-Gras/intel-extensions
4
11
3
0
Last Push 3/1/22, 11:30 AM

Intel Extensions

This package provides extensions for Zeek's intelligence framework. It implements the following functionalities:

  • Remote management of intelligence items (using broker).
  • Preservation of files associated with an intel hit.
  • ~~Intelligence expiration on per item basis.~~ Per item expiration has been moved to a separate package.
  • ~~Support for <IP>:<Port> indicators.~~ Support for <IP>:<Port> indicators has been moved to a separate package.

Installation

The scripts are available as package for the Zeek Package Manager and can be installed using the following command: zkg install intel-extensions

Usage

None of the scripts is loaded by default, i.e. zkg load intel-extensions does not enable any functionality. To load all scripts, add the following to your local.zeek:

@load packages
@load packages/intel-extensions/remote_control.zeek
@load packages/intel-extensions/preserve_files.zeek

Package Version :

Description :

Extensions for Zeek's intelligence framework.

Script Dir :

scripts

Test Command :

cd testing && btest -d

Depends :

zeek >=3.0

Tags :

remote control, intel, preserve files

Package Checks :

License:
Info:
Found license 'LICENSE'
Readme:
Info:
Found readme 'README.md'
Build Command:
Bad Extension:
Expensive Events:
Unsafe Functions:
Charset:

Description :

Extensions for Bro's intelligence framework.

Script Dir :

scripts

Tags :

removal, intel, expiration, preserve files

Package Checks :

License:
Info:
Found license 'LICENSE'
Readme:
Info:
Found readme 'README.md'
Build Command:
Bad Extension:
Expensive Events:
Unsafe Functions:
Warnings:
intel-extensions/scripts/preserve_files.bro:21 unsafe function system
Charset:

Description :

Extensions for Bro's intelligence framework.

Script Dir :

scripts

Tags :

removal, intel, expiration, preserve files

Package Checks :

License:
Info:
Found license 'LICENSE'
Readme:
Info:
Found readme 'README.md'
Build Command:
Bad Extension:
Expensive Events:
Unsafe Functions:
Warnings:
intel-extensions/scripts/preserve_files.bro:21 unsafe function system
Charset:

Description :

Extensions for Bro's intelligence framework.

Script Dir :

scripts

Tags :

removal, intel, expiration, preserve files

Package Checks :

License:
Info:
Found license 'LICENSE'
Readme:
Info:
Found readme 'README.md'
Build Command:
Bad Extension:
Expensive Events:
Unsafe Functions:
Warnings:
intel-extensions/scripts/preserve_files.bro:21 unsafe function system
Charset:

Description :

Extensions for Bro's intelligence framework.

Script Dir :

scripts

Tags :

removal, intel, preserve files

Package Checks :

License:
Info:
Found license 'LICENSE'
Readme:
Info:
Found readme 'README.md'
Build Command:
Bad Extension:
Expensive Events:
Unsafe Functions:
Warnings:
intel-extensions/scripts/preserve_files.bro:21 unsafe function system
Charset: