intel-extensions

https://github.com/J-Gras/intel-extensions
5 11 3 0 Last Push 3/1/22, 11:30 AM

Intel Extensions

This package provides extensions for Zeek's intelligence framework. It implements the following functionalities:

  • Remote management of intelligence items (using broker).
  • Preservation of files associated with an intel hit.
  • Intelligence expiration on per item basis. Per item expiration has been moved to a separate package.
  • Support for <IP>:<Port> indicators. Support for <IP>:<Port> indicators has been moved to a separate package.

Installation

The scripts are available as package for the Zeek Package Manager and can be installed using the following command: zkg install intel-extensions

Usage

None of the scripts is loaded by default, i.e. zkg load intel-extensions does not enable any functionality. To load all scripts, add the following to your local.zeek:

@load packages
@load packages/intel-extensions/remote_control.zeek
@load packages/intel-extensions/preserve_files.zeek

Package Version :

Description :

Extensions for Zeek's intelligence framework.

Script Dir :

scripts

Test Command :

cd testing && btest -d

Depends :

zeek >=3.0

Tags :

remote control, intel, preserve files

Description :

Extensions for Bro's intelligence framework.

Script Dir :

scripts

Tags :

removal, intel, expiration, preserve files

Description :

Extensions for Bro's intelligence framework.

Script Dir :

scripts

Tags :

removal, intel, expiration, preserve files

Description :

Extensions for Bro's intelligence framework.

Script Dir :

scripts

Tags :

removal, intel, expiration, preserve files

Description :

Extensions for Bro's intelligence framework.

Script Dir :

scripts

Tags :

removal, intel, preserve files