A plugin to enable threatbus communication with Zeek network monitor.
Threat Bus Zeek Plugin
A Threat Bus plugin that enables communication to Zeek.
pip install threatbus-zeek
Install Broker on the Threat Bus host
The plugin uses the Broker python bindings to enable communication with Zeek. You have to install Broker and bindings to use this plugin.
The plugin starts a listening Broker endpoint. The endpoint characteristics for listening can be cofigure as follows:
... plugins: apps: zeek: host: "127.0.0.1" port: 47761 module_namespace: Tenzir ...
Threat Bus Zeek Script
Threat Bus is a pub/sub broker for threat intelligence data. Applications, like Zeek, have to register themselves at the bus. Hence, load this Zeek script into your Zeek installation to make it aware of Threat Bus.
The script can be configured via certain
options for setting topic names or
requesting an intel snapshot:
zeek -i <INTERFACE> -C ./apps/zeek/threatbus.zeek -- "Tenzir::snapshot_intel=-30 days"
Threat Bus comes with a 3-clause BSD license.
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
|Filename, size||File type||Python version||Upload date||Hashes|
|Filename, size threatbus_zeek-2020.1.31-py3-none-any.whl (9.8 kB)||File type Wheel||Python version py3||Upload date||Hashes View hashes|
|Filename, size threatbus-zeek-2020.1.31.tar.gz (10.3 kB)||File type Source||Python version None||Upload date||Hashes View hashes|
Hashes for threatbus_zeek-2020.1.31-py3-none-any.whl