Parse the known_*.log and software.log into SO #10265

0nnyx · 2023-05-02T11:02:31Z

0nnyx
May 2, 2023

So far, the known_*.log and software.log files (https://docs.zeek.org/en/master/logs/known-and-software.html) are generated by default by Zeek but not parsed by Kibana / SO while this info is useful. Once these are parsed, please also add default OQL queries to view them in the Hunt.

dougburks · 2023-08-24T14:44:08Z

dougburks
Aug 24, 2023
Maintainer

Zeek software.log should work in the new Security Onion 2.4:
https://github.com/Security-Onion-Solutions/securityonion/blob/2.4/main/salt/elasticsearch/files/ingest/zeek.software

known_*.log would require additional manual configuration.

0 replies

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Parse the known_*.log and software.log into SO #10265

Uh oh!

{{title}}

Uh oh!

Replies: 1 comment

Uh oh!

{{title}}

Uh oh!

Select a reply

Uh oh!

Parse the known_*.log and software.log into SO #10265

Uh oh!

0nnyx May 2, 2023

Replies: 1 comment

Uh oh!

dougburks Aug 24, 2023 Maintainer

0nnyx
May 2, 2023

dougburks
Aug 24, 2023
Maintainer