Skip to content
/ intel-extensions Public

Extensions for Zeek's Intelligence Framework.

License

BSD-3-Clause license
11 stars 3 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

J-Gras/intel-extensions

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

18 Commits
scripts
scripts
 
 
testing
testing
 
 
utils
utils
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
zkg.meta
zkg.meta
 
 

Repository files navigation

Intel Extensions

This package provides extensions for Zeek's intelligence framework. It implements the following functionalities:

  • Remote management of intelligence items (using broker).
  • Preservation of files associated with an intel hit.
  • Intelligence expiration on per item basis. Per item expiration has been moved to a separate package.
  • Support for <IP>:<Port> indicators. Support for <IP>:<Port> indicators has been moved to a separate package.

Installation

The scripts are available as package for the Zeek Package Manager and can be installed using the following command: zkg install intel-extensions

Usage

None of the scripts is loaded by default, i.e. zkg load intel-extensions does not enable any functionality. To load all scripts, add the following to your local.zeek:

@load packages
@load packages/intel-extensions/remote_control.zeek
@load packages/intel-extensions/preserve_files.zeek

About

Extensions for Zeek's Intelligence Framework.

Resources

Readme

License

BSD-3-Clause license
Activity

Stars

11 stars

Watchers

5 watching

Forks

3 forks
Report repository

Releases 1

Zeekified intel-extensions. Latest
Mar 1, 2022

Languages