A plugin to enable threatbus communication with Zeek network monitor.

Navigation

Verified details

These details have been verified by PyPI
Maintainers
Avatar for tenzir from gravatar.com tenzir

Unverified details

These details have not been verified by PyPI
Project links
Meta
  • License: BSD License (BSD 3-clause)
  • Author: Tenzir
  • Tags Zeek , intrusion detection , IDS , broker , NSM , network security monitoring , threatbus , Threat Bus , threat intelligence , TI , TI dissemination
  • Requires: Python >=3.7
Classifiers
Report project as malware

Project description

Threat Bus Zeek Plugin

PyPI Status Build Status License

A Threat Bus plugin that enables communication to Zeek.

Installation

pip install threatbus-zeek

Prerequisites

Install Broker on the Threat Bus host

The plugin uses the Broker python bindings to enable communication with Zeek. You have to install Broker and bindings to use this plugin.

Configuration

The plugin starts a listening Broker endpoint. The endpoint characteristics for listening can be cofigure as follows:

...
plugins:
  apps:
    zeek:
      host: "127.0.0.1"
      port: 47761
      module_namespace: Tenzir
...

Threat Bus Zeek Script

Threat Bus is a pub/sub broker for threat intelligence data. Applications, like Zeek, have to register themselves at the bus. Hence, load this Zeek script into your Zeek installation to make it aware of Threat Bus.

The script can be configured via certain options for setting topic names or requesting an intel snapshot:

zeek -i <INTERFACE> -C ./apps/zeek/threatbus.zeek -- "Tenzir::snapshot_intel=-30 days"

License

Threat Bus comes with a 3-clause BSD license.

Project details

Verified details

These details have been verified by PyPI
Maintainers
Avatar for tenzir from gravatar.com tenzir

Unverified details

These details have not been verified by PyPI
Project links
Meta
  • License: BSD License (BSD 3-clause)
  • Author: Tenzir
  • Tags Zeek , intrusion detection , IDS , broker , NSM , network security monitoring , threatbus , Threat Bus , threat intelligence , TI , TI dissemination
  • Requires: Python >=3.7
Classifiers

Release history Release notifications | RSS feed

This version

2022.5.16

2022.1.27

2021.12.16

2021.11.22

2021.11.18

2021.9.30

2021.8.26

2021.7.29

2021.6.24

2021.5.27

2021.4.29

2021.3.25

2021.2.24

2020.12.16

2020.11.26

2020.10.29

2020.9.30

2020.7.28

2020.6.25

2020.5.28

2020.4.29

2020.2.27

2020.1.31

0.3.2

0.3.1

0.3.0

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

threatbus-zeek-2022.5.16.tar.gz (9.1 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

threatbus_zeek-2022.5.16-py3-none-any.whl (8.9 kB view details)

Uploaded Python 3

File details

Details for the file threatbus-zeek-2022.5.16.tar.gz.

File metadata

  • Download URL: threatbus-zeek-2022.5.16.tar.gz
  • Upload date:
  • Size: 9.1 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/4.0.0 CPython/3.8.12

File hashes

Hashes for threatbus-zeek-2022.5.16.tar.gz
Algorithm Hash digest
SHA256 0f3dcf886c181d17e8e6c97ef1242a766a163a1657f1e97f5f482dfe4714de64
MD5 e6a356d4e9aafc3444054f1f87f77752
BLAKE2b-256 3e3872b686d96ba249879a2ff167596aa5ec24e9b73fee238fdea07b5e396860

See more details on using hashes here.

File details

Details for the file threatbus_zeek-2022.5.16-py3-none-any.whl.

File metadata

File hashes

Hashes for threatbus_zeek-2022.5.16-py3-none-any.whl
Algorithm Hash digest
SHA256 76d031236e984e8ce36b2c3b548519547c724fabdd9aca5a9e4f9d868022c88e
MD5 c7101ef3c51a4f8deb4973bd246a64f5
BLAKE2b-256 52a844798ee104dd7191cb5d026a7b3b233815aff72c82137d8a63388f0f8f24

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page