Skip to main content

A plugin to enable threatbus communication with Zeek network monitor.

Project description

Threat Bus Zeek Plugin

PyPI Status Build Status License

A Threat Bus plugin that enables communication to Zeek.

Installation

pip install threatbus-zeek

Prerequisites

Install Broker on the Threat Bus host

The plugin uses the Broker python bindings to enable communication with Zeek. You have to install Broker and bindings to use this plugin.

Configuration

The plugin starts a listening Broker endpoint. The endpoint characteristics for listening can be cofigure as follows:

...
plugins:
  apps:
    zeek:
      host: "127.0.0.1"
      port: 47761
      module_namespace: Tenzir
...

Threat Bus Zeek Script

Threat Bus is a pub/sub broker for threat intelligence data. Applications, like Zeek, have to register themselves at the bus. Hence, load this Zeek script into your Zeek installation to make it aware of Threat Bus.

The script can be configured via certain options for setting topic names or requesting an intel snapshot:

zeek -i <INTERFACE> -C ./apps/zeek/threatbus.zeek -- "Tenzir::snapshot_intel=-30 days"

License

Threat Bus comes with a 3-clause BSD license.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Files for threatbus-zeek, version 2021.9.30
Filename, size File type Python version Upload date Hashes
Filename, size threatbus_zeek-2021.9.30-py3-none-any.whl (8.9 kB) File type Wheel Python version py3 Upload date Hashes View
Filename, size threatbus-zeek-2021.9.30.tar.gz (9.2 kB) File type Source Python version None Upload date Hashes View

Supported by

AWS AWS Cloud computing Datadog Datadog Monitoring Facebook / Instagram Facebook / Instagram PSF Sponsor Fastly Fastly CDN Google Google Object Storage and Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Salesforce Salesforce PSF Sponsor Sentry Sentry Error logging StatusPage StatusPage Status page