Comments (3)
Implementation note: Just to prove to myself that this would be pretty trivial, using an npm install'd local Dev checkout of Brim in my ~/work/brim, I was able to get JA3/HASSH data included in my generated logs with these simple steps:
~/work$ git clone https://github.com/salesforce/ja3.git
~/work$ git clone https://github.com/salesforce/hassh.git
~/work$ cd ~/work/brim
~/work/brim$ mv ~/work/ja3/zeek zdeps/zeek/share/zeek/site/ja3
~/work/brim$ mv ~/work/hassh/bro zdeps/zeek/share/zeek/site/hassh
~/work/brim$ echo "@load ./ja3" >> zdeps/zeek/share/zeek/site/local.zeek
~/work/brim$ echo "@load ./hassh" >> zdeps/zeek/share/zeek/site/local.zeek
I've put up a PR at salesforce/hassh#10 to try and get HASSH de-Bro'ed before we include it in Brim. I also pinged Ben Reardon on Slack to see if he could help push it through with his contacts back at Salesforce.
Verified in Brim commit e079837.
To verify, I made release artifacts on macOS, Windows, and Linux at that commit and imported pcaps to confirm the generated Zeek data now has the JA3/HASSH fields on ssl and ssh events, respectively.
On macOS:
On Linux:
On Windows:
Thanks @nwt!
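The two things the thread does by hand, dropping a Zeek script package into the site tree and registering it in local.zeek, then checking that the generated logs actually carry the new JA3/HASSH columns, as an added shell example that is not the commenters' own commands or Brim's build tooling. It assumes that a package directory is only usable if it carries a `__load__.zeek` entry point (the file Zeek reads when a directory is `@load`-ed; Bro-era packages ship `__load__.bro` instead, which is the renaming the HASSH PR above is about), that `local.zeek` is the site entry file, and that the log check is done on the `#fields` header of a Zeek TSV log. All directories and log lines it touches are constructed throwaway data, not a real Brim checkout.

```shell
#!/bin/sh
# Added example, not the commenters' own commands or Brim's build tooling.
# Models the thread's two manual steps: install a Zeek script package into
# the site tree and register it in local.zeek, then check that a generated
# Zeek log carries the new fields.
# Assumptions: a package directory needs a __load__.zeek entry point
# (what Zeek reads when a directory is @load-ed; Bro-era packages ship
# __load__.bro instead); local.zeek is the site entry file.

# install_zeek_site_script SRC_DIR SITE_DIR NAME
#   Copies SRC_DIR to SITE_DIR/NAME and appends "@load ./NAME" to
#   SITE_DIR/local.zeek unless that exact line is already present, so the
#   function can be re-run without piling up duplicate @load lines.
#   Returns 1 and installs nothing if SRC_DIR lacks __load__.zeek.
install_zeek_site_script() {
    src="$1"; site="$2"; name="$3"
    [ -n "$name" ] || return 1            # never rm -rf "$site/"
    if [ ! -f "$src/__load__.zeek" ]; then
        echo "refusing $src: no __load__.zeek (still Bro-named?)" >&2
        return 1
    fi
    mkdir -p "$site"
    rm -rf "$site/$name"
    cp -R "$src" "$site/$name"
    touch "$site/local.zeek"
    if ! grep -qxF "@load ./$name" "$site/local.zeek"; then
        echo "@load ./$name" >> "$site/local.zeek"
    fi
}

# count_load_lines SITE_DIR NAME
#   Prints how many "@load ./NAME" lines local.zeek contains (expect 1).
count_load_lines() {
    grep -cxF "@load ./$2" "$1/local.zeek"
}

# log_has_field LOGFILE FIELD
#   Succeeds if the #fields header of a Zeek TSV log names FIELD; this is
#   the check behind "the generated Zeek data now has the JA3/HASSH fields".
log_has_field() {
    awk '/^#fields/ { print; exit }' "$1" | tr '\t' '\n' | grep -qxF "$2"
}

# Demo on a constructed throwaway tree standing in for ~/work/ja3/zeek,
# ~/work/hassh/bro and zdeps/zeek/share/zeek/site.
demo() {
    tmp=$(mktemp -d)
    mkdir -p "$tmp/ja3" "$tmp/hassh-bro" "$tmp/site"
    printf 'module JA3;\n' > "$tmp/ja3/ja3.zeek"
    printf '@load ./ja3\n' > "$tmp/ja3/__load__.zeek"
    printf '@load ./hassh\n' > "$tmp/hassh-bro/__load__.bro"   # Bro-era naming

    install_zeek_site_script "$tmp/ja3" "$tmp/site" ja3
    install_zeek_site_script "$tmp/ja3" "$tmp/site" ja3        # second run: no-op
    install_zeek_site_script "$tmp/hassh-bro" "$tmp/site" hassh || true  # rejected

    # Constructed ssl.log header: ja3/ja3s columns only exist with the
    # JA3 package loaded.
    printf '#fields\tts\tuid\tid.orig_h\tserver_name\tja3\tja3s\n' > "$tmp/ssl.log"
    echo "local.zeek after install:"; cat "$tmp/site/local.zeek"
    log_has_field "$tmp/ssl.log" ja3 && echo "ssl.log carries ja3"
    rm -rf "$tmp"
}

demo
```

Re-running the install is deliberately safe: the thread's `echo "@load ./ja3" >> local.zeek` appends a duplicate line every time it is run, whereas `grep -qxF` before the append keeps `local.zeek` at one line per package. The `__load__.zeek` check is what would have caught the un-renamed HASSH `bro` directory before it was copied into the site tree.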