bat 0.3.9

Zeek Analysis Tools

Zeek Analysis Tools (ZAT)

The ZAT Python package supports the processing and analysis of Zeek data with Pandas, scikit-learn, and Spark

Recent Improvements (Fall 2019):

• Renamed to Zeek Analysis Tools :)
• Better Docs (https://supercowpowers.github.io/zat/)
• Faster/Smaller Pandas Dataframes for large log files: Large Dataframes
• Better Panda Dataframe to Matrix (ndarray) support: Dataframe To Matrix
• Scalable conversion from Zeek logs to Parquet: Zeek to Parquet
• Vastly improved Spark Dataframe Class: Zeek to Spark
• Updated/improved Notebooks: Analysis Notebooks

BroCon 2017 Presentation

Data Analysis, Machine Learning, Bro, and You! (Video)

Why ZAT?

Zeek already has a flexible, powerful scripting language why should I use ZAT?

Offloading: Running complex tasks like statistics, state machines, machine learning, etc.. should be offloaded from Zeek so that Zeek can focus on the efficient processing of high volume network traffic.

Data Analysis: We have a large set of support classes that help bridge from raw Zeek data to packages like Pandas, scikit-learn, and Spark. We also have example notebooks that show step-by-step how to get from here to there.

Getting Started

• Examples of Using ZAT

Analysis Notebooks

• Zeek to Scikit-Learn
• Zeek to Parquet
• Zeek to Spark
• Spark Clustering
• Zeek to Kafka
• Zeek to Kafka to Spark
• Clustering: Picking K (or not)
• Anomaly Detection Exploration
• Risky Domains Stats and Deployment
• Zeek to Matplotlib

Install

$ pip install zat

Documentation

https://supercowpowers.github.io/zat/

About SuperCowPowers

The company was formed so that its developers could follow their passion for Python, streaming data pipelines and having fun with data analysis. We also think cows are cool and should be superheros or at least carry around rayguns and burner phones. Visit SuperCowPowers