Skip to main content

A plugin to enable threatbus communication with Zeek network monitor.

Project description

Threat Bus Zeek Plugin

PyPI Status Build Status License

A Threat Bus plugin that enables communication to Zeek.

Installation

pip install threatbus-zeek

Prerequisites

Install Broker on the Threat Bus host

The plugin uses the Broker python bindings to enable communication with Zeek. You have to install Broker and bindings to use this plugin.

Configuration

The plugin starts a listening Broker endpoint. The endpoint characteristics for listening can be cofigure as follows:

...
plugins:
  apps:
    zeek:
      host: "127.0.0.1"
      port: 47761
      module_namespace: Tenzir
...

Threat Bus Zeek Script

Threat Bus is a pub/sub broker for threat intelligence data. Applications, like Zeek, have to register themselves at the bus. Hence, load this Zeek script into your Zeek installation to make it aware of Threat Bus.

The script can be configured via certain options for setting topic names or requesting an intel snapshot:

zeek -i <INTERFACE> -C ./apps/zeek/threatbus.zeek -- "Tenzir::snapshot_intel=-30 days"

License

Threat Bus comes with a 3-clause BSD license.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Files for threatbus-zeek, version 2020.1.31
Filename, size File type Python version Upload date Hashes
Filename, size threatbus_zeek-2020.1.31-py3-none-any.whl (9.8 kB) File type Wheel Python version py3 Upload date Hashes View hashes
Filename, size threatbus-zeek-2020.1.31.tar.gz (10.3 kB) File type Source Python version None Upload date Hashes View hashes

Supported by

Elastic Elastic Search Pingdom Pingdom Monitoring Google Google BigQuery Sentry Sentry Error logging AWS AWS Cloud computing DataDog DataDog Monitoring Fastly Fastly CDN DigiCert DigiCert EV certificate StatusPage StatusPage Status page