zeek2es.py
0
Free
This Python application translates Zeek's ASCII TSV and JSON logs into ElasticSearch's bulk load JSON format. Table of Contents: Introduction Installation Elastic v8.0+ Docker Upgrading zeek2es ES Ingest Pipeline Filtering Data Python Filters Filter on Keys Command Line Examples Command Line Options Requirements Notes Humio JSON Log Input Data Streams Helper Scripts Cython Introduction Want to see multiple Zeek logs for the same connection ID (uid) or file ID (fuid)? Here are the hits from files.log, http.log, and conn.log for a single uid: You can perform subnet searching on Zeek's 'addr' type: You can create time series graphs, such as this NTP and HTTP graph: IP Addresses can be Geolocated with the -g command line option: Aggregations are simple and quick: This application will 'just work' when Zeek log formats change. The logic reads the field names and associated types to set up the mappings correctly in ElasticSearch. This application will recognize gzip or uncompressed logs. This application assumes you have ElasticSearch set up on your localhost at the default port. If you do not have ElasticSearch you can output the JSON to stdout with the -s -b command line opt
FEATURES
The author has not provided features for this tool yet. If you are the author, please sign in or claim the tool to add features by clicking the icon above.
ALTERNATIVES
SysmonSearch makes event log analysis more effective by aggregating Microsoft Sysmon logs and providing detailed analysis through Elasticsearch and Kibana.
Free
A pure Python parser for Windows Event Log files with access to File and Chunk headers, record templates, and event entries.
Free
Serverless, real-time data analysis framework for incident detection and response.
Free
A service that analyzes and visualizes security data to investigate potential security issues.
Free
Procmon for Linux is a reimagining of the classic Procmon tool from Windows, allowing Linux developers to trace syscall activity efficiently.
Free
PINNED
Fabric Platform by BlackStork
Fabric Platform is a cybersecurity reporting solution that automates and standardizes report generation, offering a private-cloud platform, open-source tools, and community-supported templates.
Free
Security Operations
Mandos Brief Newsletter
Stay ahead in cybersecurity. Get the week's top cybersecurity news and insights in 8 minutes or less.
Free
Blogs and News
Wiz
Wiz Cloud Security Platform is a cloud-native security platform that enables security, dev, and devops to work together in a self-service model, detecting and preventing cloud security threats in real-time.
Commercial
Cloud Security
Adversa AI
Adversa AI is a cybersecurity company that provides solutions for securing and hardening machine learning, artificial intelligence, and large language models against adversarial attacks, privacy issues, and safety incidents across various industries.
Commercial
AI Security