AWS CloudTrail
0 (0)
Track user activity and API usage on AWS and in hybrid and multicloud environments.
This Python application translates Zeek's ASCII TSV and JSON logs into ElasticSearch's bulk load JSON format. Table of Contents: Introduction Installation Elastic v8.0+ Docker Upgrading zeek2es ES Ingest Pipeline Filtering Data Python Filters Filter on Keys Command Line Examples Command Line Options Requirements Notes Humio JSON Log Input Data Streams Helper Scripts Cython Introduction Want to see multiple Zeek logs for the same connection ID (uid) or file ID (fuid)? Here are the hits from files.log, http.log, and conn.log for a single uid: You can perform subnet searching on Zeek's 'addr' type: You can create time series graphs, such as this NTP and HTTP graph: IP Addresses can be Geolocated with the -g command line option: Aggregations are simple and quick: This application will 'just work' when Zeek log formats change. The logic reads the field names and associated types to set up the mappings correctly in ElasticSearch. This application will recognize gzip or uncompressed logs. This application assumes you have ElasticSearch set up on your localhost at the default port. If you do not have ElasticSearch you can output the JSON to stdout with the -s -b command line opt
Track user activity and API usage on AWS and in hybrid and multicloud environments.
Browse a library of EQL analytics now natively integrated in Elasticsearch.
Serverless, real-time data analysis framework for incident detection and response.
A framework for generating log events without the need for infrastructure, allowing for simple, repeatable, and randomized log event creation.
Elasticsearch is a versatile platform for centralized data storage, fast search, and scalable analytics.
Windows Event Log Analyzer with logon timeline generator and noise reduction for fast forensics.