A Python application to filter and transfer Zeek logs to Elastic/OpenSearch+Humio. This app can also output pure JSON logs to stdout for further processing!
☆39Aug 18, 2022Updated 3 years ago
Alternatives and similar repositories for zeek2es
Users that are interested in zeek2es are comparing it to the libraries listed below
Sorting:
- A simple way of detecting multithreaded exfiltration in Zeek.☆15May 1, 2025Updated 10 months ago
- A Sigma based detection pipeline☆13Dec 15, 2023Updated 2 years ago
- A Zeek plugin to POST logs over HTTP.☆13Feb 10, 2020Updated 6 years ago
- Remote Desktop Client Fingerprint script for Zeek. Based off of https://github.com/0x4D31/fatt☆40Jun 20, 2023Updated 2 years ago
- Zeek package to create JSON formatted logs to stream into data analysis systems.☆30Dec 3, 2025Updated 3 months ago
- This script scans the files extracted by Zeek with YARA rules located on the rules folder on a Linux based Zeek sensor, if there is a mat…☆62Dec 16, 2023Updated 2 years ago
- Corelight-Ansible-Roles are a collection of Ansible Roles and playbooks that install, configure, run and manage a variety of Corelight, S…☆16Jun 15, 2021Updated 4 years ago
- Mapping Corelight or Zeek data to Elastic Common Schema fields☆33Nov 3, 2025Updated 4 months ago
- Automation of VPC Traffic Mirror Sessions in AWS☆35Nov 15, 2025Updated 3 months ago
- Growing collection of Spicy-based protocol and file analyzers for Zeek☆32Sep 16, 2024Updated last year
- Threat Intelligence with Elastic - Minemeld integration with Elasticsearch☆19May 11, 2021Updated 4 years ago
- ☆58Mar 4, 2022Updated 4 years ago
- Zeek support for Community ID flow hashing.☆36Jul 11, 2023Updated 2 years ago
- Mapping Corelight or Zeek data to Elastic Common Schema logs☆12Dec 21, 2025Updated 2 months ago
- Zeek-Formatted Threat Intelligence Feeds☆385Feb 25, 2026Updated last week
- A Zeek Network Security Monitor tutorial that will cover the basics of creating a Zeek instance on your network in addition to all of the…☆62Nov 26, 2025Updated 3 months ago
- Repo with supporting material for the talk titled "Cracking the Beacon: Automating the extraction of implant configurations"☆11Feb 6, 2025Updated last year
- ☆11Apr 22, 2022Updated 3 years ago
- Dockerized Zeek☆12Mar 9, 2024Updated last year
- Mapping NSM rules to MITRE ATT&CK☆73Aug 29, 2020Updated 5 years ago
- Enables Zeek to communicate with Tenzir☆11Jul 20, 2023Updated 2 years ago
- Tool to perform differential fault analysis attack (DFA) on whiteboxes with external encodings.☆16Feb 10, 2023Updated 3 years ago
- ☆13Feb 25, 2021Updated 5 years ago
- Command-line tool to format and syntax highlight Suricata rules☆13Nov 30, 2019Updated 6 years ago
- HTTP Headers Hashing (HHHash) is a technique used to create a fingerprint of an HTTP server based on the headers it returns.☆79Aug 22, 2023Updated 2 years ago
- A Zeek package that detects Zoom logins and meeting joins☆12Apr 15, 2020Updated 5 years ago
- Windows Security Logging☆43Jul 17, 2022Updated 3 years ago
- Repository to provide files related to our blog articles.☆16May 26, 2025Updated 9 months ago
- Open source endpoint agent providing host information to Zeek. [v2]☆90Updated this week
- This project is no longer maintained. There's a successor at https://github.com/zeek/zeek-agent-v2☆124Nov 19, 2020Updated 5 years ago
- Zeek plugin to generate data on per-packet sizes and intervals☆14Apr 21, 2020Updated 5 years ago
- ☆14Oct 25, 2022Updated 3 years ago
- Code for BH21 talk: "Generating YARA Rules by Classifying Malicious Byte Sequences"☆17Feb 6, 2025Updated last year
- Tool to automate takeover of DigitalOcean Kubernetes cluster. Check out the blog post for more info.☆17Dec 20, 2018Updated 7 years ago
- Ansible role to install auditbeat for security monitoring. (Ruleset included)☆15Nov 16, 2023Updated 2 years ago
- openVAS with ansible☆21Apr 22, 2015Updated 10 years ago
- Recent cyber attacks reports & interesting analysis files☆15Apr 14, 2022Updated 3 years ago
- Go implementation of the Community ID flow hashing standard☆21Apr 17, 2025Updated 10 months ago
- Repo for Automations and other solutions for Elastic SIEM/Security.☆18Jun 15, 2021Updated 4 years ago