This repository has been archived by the owner on Jan 21, 2023. It is now read-only.

blacktop/docker-zeek

docker-zeek

Zeek Network Security Monitor Dockerfile

Dependencies

Image Tags

$ docker images

REPOSITORY           TAG          SIZE
blacktop/zeek        latest       65.6MB
blacktop/zeek        5.1          65.6MB
blacktop/zeek        4.1          65.6MB
blacktop/zeek        4.0          41.6MB
blacktop/zeek        3.2          41.6MB
blacktop/zeek        3.1          39MB
blacktop/zeek        3.0          39MB
blacktop/zeek        elastic      129MB
blacktop/zeek        kafka        70.7MB
blacktop/zeek        zeekctl      84MB

Installation

  1. Install Docker.
  2. Download the trusted build from the public Docker Registry: docker pull blacktop/zeek

Getting Started

$ wget https://github.com/blacktop/docker-zeek/raw/master/pcap/heartbleed.pcap
$ wget https://github.com/blacktop/docker-zeek/raw/master/3.0/local.zeek
$ docker run --rm \
         -v `pwd`:/pcap \
         -v `pwd`/local.zeek:/usr/local/zeek/share/zeek/site/local.zeek \
         blacktop/zeek -r heartbleed.pcap local "Site::local_nets += { 192.168.11.0/24 }"
$ ls -l

-rw-r--r--  1 blacktop  staff   635B Jul 30 12:11 conn.log
-rw-r--r--  1 blacktop  staff   754B Jul 30 12:11 files.log
-rw-r--r--  1 blacktop  staff   384B Jul 30 12:11 known_certs.log
-rw-r--r--  1 blacktop  staff   239B Jul 30 12:11 known_hosts.log
-rw-r--r--  1 blacktop  staff   271B Jul 30 12:11 known_services.log
-rw-r--r--  1 blacktop  staff    17K Jul 30 12:11 loaded_scripts.log
-rw-r--r--  1 blacktop  staff   1.9K Jul 30 12:11 notice.log <====== NOTICE
-rw-r--r--  1 blacktop  staff   253B Jul 30 12:11 packet_filter.log
-rw-r--r--  1 blacktop  staff   1.2K Jul 30 12:11 ssl.log
-rw-r--r--  1 blacktop  staff   901B Jul 30 12:11 x509.log
$ cat notice.log | awk '{ print $11 }' | tail -n4

Heartbleed::SSL_Heartbeat_Attack
Heartbleed::SSL_Heartbeat_Odd_Length
Heartbleed::SSL_Heartbeat_Attack_Success
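
An added example (not part of this repository): the awk '{ print $11 }' step above selects the note column by position, while the function below finds it by name from the log's #fields header, so it still works when the column set differs. zeek_col and write_sample are hypothetical helper names, the sample log is constructed, and Zeek's default tab separator is assumed.

```sh
#!/bin/sh
# zeek_col FIELD FILE: print one column of a Zeek TSV log, located by name
# through the "#fields" header instead of by position.
# Assumption: the log uses Zeek's default tab separator.
zeek_col() {
    awk -F '\t' -v want="$1" '
        $1 == "#fields" {
            seen = 1
            # "#fields" occupies header slot 1, so data column = header slot - 1
            for (i = 2; i <= NF; i++) if ($i == want) col = i - 1
            if (!col) { print "zeek_col: no field named " want > "/dev/stderr"; rc = 2; exit }
            next
        }
        /^#/ { next }              # other metadata: #separator, #types, #close ...
        col  { print $col }
        END  { if (!seen) rc = 2; exit rc + 0 }
    ' "$2"
}

# Constructed sample, not output from the page's pcap: a notice.log trimmed to
# seven columns, so "note" is column 6 here rather than 11.
write_sample() {
    {
        printf '#separator \\x09\n'
        printf '#path\tnotice\n'
        printf '#fields\tts\tuid\tid.orig_h\tid.resp_h\tproto\tnote\tmsg\n'
        printf '#types\ttime\tstring\taddr\taddr\tenum\tenum\tstring\n'
        printf '1.0\tCsample1\t192.168.11.10\t192.168.11.20\ttcp\tHeartbleed::SSL_Heartbeat_Attack\tconstructed message one\n'
        printf '2.0\tCsample1\t192.168.11.10\t192.168.11.20\ttcp\tHeartbleed::SSL_Heartbeat_Odd_Length\tconstructed message two\n'
        printf '3.0\tCsample1\t192.168.11.10\t192.168.11.20\ttcp\tHeartbleed::SSL_Heartbeat_Attack_Success\tconstructed message three\n'
        printf '#close\tconstructed\n'
    } > "$1"
}

# Demo: count notices per type in the constructed sample.
tmp=$(mktemp) && write_sample "$tmp" && zeek_col note "$tmp" | sort | uniq -c
rm -f "$tmp"
```

Against the real output from the run above, the call would be zeek_col note notice.log; the function exits with status 2 when the header or the requested field is missing.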

Documentation

Issues

Find a bug? Want more features? Find something missing in the documentation? Let me know! Please don't hesitate to file an issue and I'll get right on it.

License

MIT Copyright (c) 2018-2022 blacktop