Replies: 2 comments
-
Generally speaking, if a Zeek plugin consists of simple Zeek scripts (no compiled binaries), then you should be able to add the Zeek scripts to your configuration. Looking at the Zeek JA4 repo, it looks like simple Zeek scripts.
-
Looks like someone already did it:
-
Version
2.4.120
Installation Method
Security Onion ISO image
Description
other (please provide detail below)
Installation Type
Distributed
Location
on-prem with Internet access
Hardware Specs
Exceeds minimum requirements
CPU
4
RAM
32
Storage for /
512GB
Storage for /nsm
16TB
Network Traffic Collection
span port
Network Traffic Speeds
1Gbps to 10Gbps
Status
Yes, all services on all nodes are running OK
Salt Status
No, there are no failures
Logs
No, there are no additional clues
Detail
Looking to understand what it takes to add new modules to Zeek using Salt.
Specifically JA4* hashing and Zeek Long hashing.
Is there a process in place to add these manually, or at least be able to add them to our own config as opposed to being shipped with SOC?