Comments (3)
philrz
commented on July 24, 2024
Implementation note: Just to prove to myself that this would be pretty trivial, using an npm install'd local Dev checkout of Brim in my ~work/brim, I was able to get JA3/HASSH data included in my generated logs with these simple steps:
~/work$ git clone https://github.com/salesforce/ja3.git
~/work$ git clone https://github.com/salesforce/hassh.git
~/work$ cd ~/work/brim
~/work/brim$ mv ~/work/ja3/zeek zdeps/zeek/share/zeek/site/ja3
~/work/brim$ mv ~/work/hassh/bro zdeps/zeek/share/zeek/site/hassh
~/work/brim$ echo "@load ./ja3" >> zdeps/zeek/share/zeek/site/local.zeek
~/work/brim$ echo "@load ./hassh" >> zdeps/zeek/share/zeek/site/local.zeek
from zeek.
philrz
commented on July 24, 2024
I've put up a PR at salesforce/hassh#10 to try and get HASSH de-Bro'ed before we include it in Brim. I also pinged Ben Reardon on Slack to see if he could help push it through with his contacts back at Salesforce.
from zeek.
philrz
commented on July 24, 2024
Verified in Brim commit e079837.
To verify, I made release artifacts on macOS, Windows, and Linux at that commit and imported pcaps to confirm the generated Zeek data now has the JA3/HASSH fields on ssl and ssh events, respectively.
On macOS:
On Linux:
On Windows:
Thanks @nwt!
from zeek.
Related Issues (19)
- Windows Zeek artifact packaging
- Include Zeek scripts commonly found on Corelight Sensor HOT 1
- Migrate Zeek-on-Windows into Brim's GitHub org HOT 1
- Build Zeek 3.1 with MSYS2 HOT 1
- print-types.zeek: handle nesting more than two levels deep HOT 1
- fail to ingest pcap: ensureSpawnedProcessTermination failed: Access is denied. HOT 3
- Zeek on Linux can't process pcapng file HOT 2
- CI support for msys2 windows zeek HOT 1
- Eliminate Zeek warning: calc_next_rotate(): can't parse rotation base time HOT 1
- Community ID support HOT 1
- Support adding plugin Zeek Packages in our build system HOT 1
- Add Zeek Package for Community ID to release artifact HOT 1
- Apparent memory leak in Windows port of Zeek HOT 3
- Failure to load Community ID plugin on Windows HOT 1
- Windows build failure due to missing include HOT 2
- Enable ssl-log-ext by default
- Add spicy-ldap package
- Enable geolocation for notice logs
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from zeek.