Latest commit: boB Rudis d0e007c847 "path tweak" (4 months ago)

README.md

Project Status: Active. The project has reached a stable, usable state and is being actively developed.

Badges: Signed by, Signed commit %, R-CMD-check, Linux build status, Minimal R version, License

zeekr

Tools to Make Analyses Using Zeek Easier

Description

Zeek is an open source network security monitoring system. Tools are provided to make it a bit easier to work with Zeek to perform analyses with R.

What’s Inside The Tin

The following functions are implemented:

  • find_zeek: Find the Zeek binary
  • get_zeek: Get Zeek
  • pcap_to_zeek: Process a PCAP with Zeek and create Parquet files
  • read_zeek_logs: Read zeek logs from a processed PCAP into a list
  • zeek_man: Zeek Manual Page Quick Reference
  • zeek_redefs: (WIP) Common redefinitions for Zeek when processing PCAPs
  • zeek: Call the Zeek binary with optional custom environment variables and options

Installation

remotes::install_git("https://git.rud.is/hrbrmstr/zeekr.git")

NOTE: To use the ‘remotes’ install options you will need to have the {remotes} package installed.

Usage

```r
library(zeekr)

# current version
packageVersion("zeekr")
## [1] '0.1.0'

# run Zeek over the bundled SSH capture; returns the directory holding the Parquet files
loc <- pcap_to_zeek(system.file("pcap/ssh.pcap", package = "zeekr"))

list.files(loc)
## [1] "conn.parquet"          "packet_filter.parquet" "ssh.parquet"

# one tibble per Zeek log, named after the log
zeek <- read_zeek_logs(loc)

str(zeek, 3)
## List of 3
##  $ conn         :Classes 'tbl_df', 'tbl' and 'data.frame':   49 obs. of  18 variables:
##   ..$ ts           : num [1:49] 1.32e+09 1.32e+09 1.32e+09 1.32e+09 1.32e+09 ...
##   ..$ uid          : chr [1:49] "CAmnTGoJHwg6hNFea" "CvHC1J1yB5yLVQuXR7" "CE6UIa40hIdUlMZCS2" "CK2bU24sjXqxWxiSpl" ...
##   ..$ id_orig_h    : chr [1:49] "172.16.238.1" "172.16.238.1" "172.16.238.1" "172.16.238.1" ...
##   ..$ id_orig_p    : int [1:49] 58389 58389 58389 58389 58397 58389 58389 58398 58389 58399 ...
##   ..$ id_resp_h    : chr [1:49] "172.16.238.135" "172.16.238.135" "172.16.238.135" "172.16.238.135" ...
##   ..$ id_resp_p    : int [1:49] 22 22 22 22 22 22 22 22 22 22 ...
##   ..$ proto        : chr [1:49] "tcp" "tcp" "tcp" "tcp" ...
##   ..$ duration     : num [1:49] 4.23 NA NA NA 17.78 ...
##   ..$ orig_bytes   : int [1:49] 0 NA NA NA 1733 NA NA 1733 NA 1589 ...
##   ..$ resp_bytes   : int [1:49] 0 NA NA NA 2007 NA NA 2007 NA 1943 ...
##   ..$ conn_state   : chr [1:49] "SH" "SH" "SH" "SH" ...
##   ..$ missed_bytes : int [1:49] 0 0 0 0 0 0 0 0 0 0 ...
##   ..$ history      : chr [1:49] "F" "F" "F" "F" ...
##   ..$ orig_pkts    : int [1:49] 6 1 1 1 21 1 1 21 1 19 ...
##   ..$ orig_ip_bytes: int [1:49] 312 52 52 52 2837 52 52 2837 52 2589 ...
##   ..$ resp_pkts    : int [1:49] 0 0 0 0 17 0 0 18 0 16 ...
##   ..$ resp_ip_bytes: int [1:49] 0 0 0 0 2899 0 0 2951 0 2783 ...
##   ..$ service      : chr [1:49] NA NA NA NA ...
##  $ packet_filter:Classes 'tbl_df', 'tbl' and 'data.frame':   1 obs. of  5 variables:
##   ..$ ts     : num 1.63e+09
##   ..$ node   : chr "zeek"
##   ..$ filter : chr "ip or not ip"
##   ..$ init   : logi TRUE
##   ..$ success: logi TRUE
##  $ ssh          :Classes 'tbl_df', 'tbl' and 'data.frame':   40 obs. of  17 variables:
##   ..$ ts             : num [1:40] 1.32e+09 1.32e+09 1.32e+09 1.32e+09 1.32e+09 ...
##   ..$ uid            : chr [1:40] "CUegdV3IvAoKWGu681" "Ci9sXu2lSlpqg3Au47" "Csw04n3ZhbvBDjJTNd" "C3qrkm4EaQi2uvlpD6" ...
##   ..$ id_orig_h      : chr [1:40] "172.16.238.1" "172.16.238.1" "172.16.238.1" "172.16.238.1" ...
##   ..$ id_orig_p      : int [1:40] 58395 58396 58397 58398 58399 58402 58403 58404 58405 58406 ...
##   ..$ id_resp_h      : chr [1:40] "172.16.238.168" "172.16.238.129" "172.16.238.136" "172.16.238.136" ...
##   ..$ id_resp_p      : int [1:40] 22 22 22 22 22 22 22 22 22 22 ...
##   ..$ version        : int [1:40] 2 2 2 2 2 2 2 2 2 2 ...
##   ..$ auth_success   : logi [1:40] TRUE TRUE FALSE FALSE FALSE FALSE ...
##   ..$ auth_attempts  : int [1:40] 3 1 2 2 1 2 2 2 4 2 ...
##   ..$ client         : chr [1:40] "SSH-2.0-OpenSSH_5.6" "SSH-2.0-OpenSSH_5.6" "SSH-2.0-OpenSSH_5.6" "SSH-2.0-OpenSSH_5.6" ...
##   ..$ server         : chr [1:40] "SSH-2.0-OpenSSH_5.3" "SSH-2.0-OpenSSH_5.3" "SSH-2.0-OpenSSH_5.8p1 Debian-7ubuntu1" "SSH-2.0-OpenSSH_5.8p1 Debian-7ubuntu1" ...
##   ..$ cipher_alg     : chr [1:40] "aes128-ctr" "aes128-ctr" "aes128-ctr" "aes128-ctr" ...
##   ..$ mac_alg        : chr [1:40] "hmac-md5" "hmac-md5" "hmac-md5" "hmac-md5" ...
##   ..$ compression_alg: chr [1:40] "none" "none" "none" "none" ...
##   ..$ kex_alg        : chr [1:40] "diffie-hellman-group-exchange-sha256" "diffie-hellman-group-exchange-sha256" "diffie-hellman-group-exchange-sha256" "diffie-hellman-group-exchange-sha256" ...
##   ..$ host_key_alg   : chr [1:40] "ssh-rsa" "ssh-rsa" "ssh-rsa" "ssh-rsa" ...
##   ..$ host_key       : chr [1:40] "a5:3c:40:6e:e8:bf:5d:09:79:c8:4b:2c:65:5f:eb:12" "a5:3c:40:6e:e8:bf:5d:09:79:c8:4b:2c:65:5f:eb:12" "87:11:46:da:89:c5:2b:d9:6b:ee:e0:44:7e:73:80:f8" "87:11:46:da:89:c5:2b:d9:6b:ee:e0:44:7e:73:80:f8" ...
```
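What a practitioner does next with those tibbles is the interesting part. The following is an added example, not code from zeekr or its README: four base-R checks over the `ssh` and `conn` logs that flag repeated failed SSH authentications from one origin, responders that present more than one host-key fingerprint, weak negotiated algorithms (the `hmac-md5` MAC visible in the output above is the obvious one) and connection attempts that never got a reply, the shape of a port scan. Two small data frames with the same columns as `zeek$ssh` and `zeek$conn` are constructed inline with made-up values so the block runs without Zeek or the package installed; with the package, `zeek <- read_zeek_logs(loc)` supplies the real ones.

```r
# Added example, not part of zeekr. With the package installed you would use
#   zeek <- read_zeek_logs(pcap_to_zeek("capture.pcap"))
#   ssh <- zeek$ssh; conn <- zeek$conn
# The two data frames below are constructed stand-ins with the same columns
# (values are made up) so that this runs with base R alone.
ssh <- data.frame(
  ts        = 1.32e9 + 0:7,
  uid       = sprintf("Cexample%02d", 1:8),
  id_orig_h = c(rep("172.16.238.1", 6), rep("172.16.238.50", 2)),
  id_orig_p = 58395:58402,
  id_resp_h = c("172.16.238.168", "172.16.238.129", rep("172.16.238.136", 5),
                "172.16.238.129"),
  id_resp_p = 22L,
  auth_success  = c(TRUE, TRUE, FALSE, FALSE, FALSE, TRUE, FALSE, TRUE),
  auth_attempts = c(3L, 1L, 2L, 2L, 1L, 4L, 3L, 1L),
  cipher_alg = "aes128-ctr",
  mac_alg    = "hmac-md5",
  kex_alg    = "diffie-hellman-group-exchange-sha256",
  host_key   = c(rep("a5:3c:40:6e:e8:bf:5d:09:79:c8:4b:2c:65:5f:eb:12", 2),
                 rep("87:11:46:da:89:c5:2b:d9:6b:ee:e0:44:7e:73:80:f8", 4),
                 "00:11:22:33:44:55:66:77:88:99:aa:bb:cc:dd:ee:ff",  # constructed key change
                 "a5:3c:40:6e:e8:bf:5d:09:79:c8:4b:2c:65:5f:eb:12"),
  stringsAsFactors = FALSE
)

conn <- data.frame(
  ts         = 1.32e9 + 0:5,
  uid        = sprintf("Cconn%02d", 1:6),
  id_orig_h  = c(rep("172.16.238.1", 5), "172.16.238.50"),
  id_resp_h  = c(rep("172.16.238.135", 4), "172.16.238.136", "172.16.238.136"),
  id_resp_p  = c(22L, 22L, 80L, 443L, 22L, 22L),
  proto      = "tcp",
  conn_state = c("SH", "SH", "SH", "SH", "SF", "SF"),
  history    = c("F", "F", "F", "F", "ShADadFf", "ShADadFf"),
  orig_pkts  = c(1L, 1L, 1L, 1L, 21L, 19L),
  resp_pkts  = c(0L, 0L, 0L, 0L, 17L, 16L),
  stringsAsFactors = FALSE
)

# Failed-authentication sessions per (origin, responder) pair. Zeek leaves
# auth_success NA when it cannot infer the outcome, so only explicit FALSE
# rows are counted; auth_attempts is summed so a single long session shows up too.
ssh_bruteforce <- function(ssh, min_failed = 3L) {
  failed <- ssh[!is.na(ssh$auth_success) & !ssh$auth_success, ]
  if (nrow(failed) == 0) return(failed[, c("id_orig_h", "id_resp_h")])
  agg <- aggregate(
    cbind(failed_sessions = 1L, attempts = failed$auth_attempts),
    by  = list(id_orig_h = failed$id_orig_h, id_resp_h = failed$id_resp_h),
    FUN = sum
  )
  agg[agg$failed_sessions >= min_failed, ]
}

# A responder seen with more than one host-key fingerprint was re-keyed,
# re-imaged, or is being impersonated; all three deserve a look.
host_key_changes <- function(ssh) {
  keys <- unique(ssh[!is.na(ssh$host_key), c("id_resp_h", "host_key")])
  n <- table(keys$id_resp_h)
  keys[keys$id_resp_h %in% names(n)[n > 1], ]
}

# Sessions that negotiated algorithms worth flagging. The patterns are a
# starting list (MD5 or truncated MACs, CBC/RC4/3DES ciphers, group1 or
# SHA-1 key exchange), not a complete policy.
weak_algs <- function(ssh) {
  weak <- with(ssh,
    grepl("md5|-96$", mac_alg) |
    grepl("cbc|arcfour|3des", cipher_alg) |
    grepl("group1|sha1$", kex_alg))
  ssh[weak, c("uid", "id_orig_h", "id_resp_h", "cipher_alg", "mac_alg", "kex_alg")]
}

# conn.log rows the responder never answered (resp_pkts == 0; the README's
# "SH"/"F" rows are this shape). One origin touching many distinct
# host:port targets without a reply is the port-scan signature.
unanswered <- function(conn, min_targets = 2L) {
  quiet <- conn[conn$resp_pkts == 0, ]
  if (nrow(quiet) == 0) return(data.frame(id_orig_h = character(), targets = integer()))
  agg <- aggregate(
    list(targets = paste(quiet$id_resp_h, quiet$id_resp_p)),
    by  = list(id_orig_h = quiet$id_orig_h),
    FUN = function(x) length(unique(x))
  )
  agg[agg$targets >= min_targets, ]
}

ssh_bruteforce(ssh)
host_key_changes(ssh)
weak_algs(ssh)
unanswered(conn)
```

On the constructed data, `ssh_bruteforce()` surfaces the origin that failed three separate sessions against one responder, `host_key_changes()` surfaces the responder that presented two fingerprints, `weak_algs()` flags every session because all of them used `hmac-md5`, and `unanswered()` surfaces the origin whose SYNs to several ports went unanswered. The thresholds are parameters because the right values depend on the network; on a real capture, run the checks against `zeek$ssh` and `zeek$conn` and tune `min_failed` and `min_targets` to the baseline you see.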

zeekr Metrics

| Lang | # Files | (%)  | LoC | (%)  | Blank lines | (%)  | # Lines | (%)  |
|------|---------|------|-----|------|-------------|------|---------|------|
| R    | 8       | 0.36 | 100 | 0.37 | 38          | 0.32 | 175     | 0.42 |
| YAML | 2       | 0.09 | 23  | 0.09 | 2           | 0.02 | 2       | 0.00 |
| Rmd  | 1       | 0.05 | 12  | 0.04 | 19          | 0.16 | 30      | 0.07 |
| SUM  | 11      | 0.50 | 135 | 0.50 | 59          | 0.50 | 207     | 0.50 |

Package Metrics for zeekr

Code of Conduct

Please note that this project is released with a Contributor Code of Conduct. By participating in this project you agree to abide by its terms.