You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
boB Rudis 2a678cc96b
shld prlbly stop rushing these workflow tweaks
11 months ago
.github shld prlbly stop rushing these workflow tweaks 11 months ago
R examples/tests/workflow 11 months ago
inst examples/tests/workflow 11 months ago
man examples/tests/workflow 11 months ago
tests R package repo initialization complete 11 months ago
tools-ref initial commit 11 months ago
.Rbuildignore initial commit 11 months ago
.codecov.yml R package repo initialization complete 11 months ago
.gitignore R package repo initialization complete 11 months ago
.travis.yml R package repo initialization complete 11 months ago
CONDUCT.md R package repo initialization complete 11 months ago
DESCRIPTION initial commit 11 months ago
NAMESPACE examples/tests/workflow 11 months ago
NEWS.md R package repo initialization complete 11 months ago
README.Rmd initial commit 11 months ago
README.md initial commit 11 months ago
appveyor.yml R package repo initialization complete 11 months ago
zeekr.Rproj R package repo initialization complete 11 months ago

README.md

Project Status: Active – The project has reached a stable, usablestate and is being activelydeveloped. Signedby Signed commit% R-CMD-check Linux buildStatus
Minimal RVersion License

zeekr

Tools to Make Analyses Using Zeek Easier

Description

Zeek is an open source network security monitoring system. Tools are provided to make it a bit easier to work with Zeek to perform analyses with R.

What’s Inside The Tin

The following functions are implemented:

  • find_zeek: Find the Zeek binary
  • get_zeek: Get Zeek
  • pcap_to_zeek: Process a PCAP with Zeek and create Parquet files
  • read_zeek_logs: Read zeek logs from a processed PCAP into a list
  • zeek_man: Zeek Manual Page Quick Reference
  • zeek_redefs: (WIP) Common redefinitions for Zeek when processing PCAPs
  • zeek: Call the Zeek binary with optional custom environment variables and options

Installation

remotes::install_git("https://git.rud.is/hrbrmstr/zeekr.git")

NOTE: To use the ‘remotes’ install options you will need to have the {remotes} package installed.

Usage

library(zeekr)

# current version
packageVersion("zeekr")
## [1] '0.1.0'
loc <- pcap_to_zeek(system.file("pcap/ssh.pcap", package = "zeekr"))

list.files(loc)
## [1] "conn.parquet"          "packet_filter.parquet" "ssh.parquet"

zeek <- read_zeek_logs(loc)

str(zeek, 3)
## List of 3
##  $ conn         :Classes 'tbl_df', 'tbl' and 'data.frame':   49 obs. of  18 variables:
##   ..$ ts           : num [1:49] 1.32e+09 1.32e+09 1.32e+09 1.32e+09 1.32e+09 ...
##   ..$ uid          : chr [1:49] "CAmnTGoJHwg6hNFea" "CvHC1J1yB5yLVQuXR7" "CE6UIa40hIdUlMZCS2" "CK2bU24sjXqxWxiSpl" ...
##   ..$ id_orig_h    : chr [1:49] "172.16.238.1" "172.16.238.1" "172.16.238.1" "172.16.238.1" ...
##   ..$ id_orig_p    : int [1:49] 58389 58389 58389 58389 58397 58389 58389 58398 58389 58399 ...
##   ..$ id_resp_h    : chr [1:49] "172.16.238.135" "172.16.238.135" "172.16.238.135" "172.16.238.135" ...
##   ..$ id_resp_p    : int [1:49] 22 22 22 22 22 22 22 22 22 22 ...
##   ..$ proto        : chr [1:49] "tcp" "tcp" "tcp" "tcp" ...
##   ..$ duration     : num [1:49] 4.23 NA NA NA 17.78 ...
##   ..$ orig_bytes   : int [1:49] 0 NA NA NA 1733 NA NA 1733 NA 1589 ...
##   ..$ resp_bytes   : int [1:49] 0 NA NA NA 2007 NA NA 2007 NA 1943 ...
##   ..$ conn_state   : chr [1:49] "SH" "SH" "SH" "SH" ...
##   ..$ missed_bytes : int [1:49] 0 0 0 0 0 0 0 0 0 0 ...
##   ..$ history      : chr [1:49] "F" "F" "F" "F" ...
##   ..$ orig_pkts    : int [1:49] 6 1 1 1 21 1 1 21 1 19 ...
##   ..$ orig_ip_bytes: int [1:49] 312 52 52 52 2837 52 52 2837 52 2589 ...
##   ..$ resp_pkts    : int [1:49] 0 0 0 0 17 0 0 18 0 16 ...
##   ..$ resp_ip_bytes: int [1:49] 0 0 0 0 2899 0 0 2951 0 2783 ...
##   ..$ service      : chr [1:49] NA NA NA NA ...
##  $ packet_filter:Classes 'tbl_df', 'tbl' and 'data.frame':   1 obs. of  5 variables:
##   ..$ ts     : num 1.63e+09
##   ..$ node   : chr "zeek"
##   ..$ filter : chr "ip or not ip"
##   ..$ init   : logi TRUE
##   ..$ success: logi TRUE
##  $ ssh          :Classes 'tbl_df', 'tbl' and 'data.frame':   40 obs. of  17 variables:
##   ..$ ts             : num [1:40] 1.32e+09 1.32e+09 1.32e+09 1.32e+09 1.32e+09 ...
##   ..$ uid            : chr [1:40] "CUegdV3IvAoKWGu681" "Ci9sXu2lSlpqg3Au47" "Csw04n3ZhbvBDjJTNd" "C3qrkm4EaQi2uvlpD6" ...
##   ..$ id_orig_h      : chr [1:40] "172.16.238.1" "172.16.238.1" "172.16.238.1" "172.16.238.1" ...
##   ..$ id_orig_p      : int [1:40] 58395 58396 58397 58398 58399 58402 58403 58404 58405 58406 ...
##   ..$ id_resp_h      : chr [1:40] "172.16.238.168" "172.16.238.129" "172.16.238.136" "172.16.238.136" ...
##   ..$ id_resp_p      : int [1:40] 22 22 22 22 22 22 22 22 22 22 ...
##   ..$ version        : int [1:40] 2 2 2 2 2 2 2 2 2 2 ...
##   ..$ auth_success   : logi [1:40] TRUE TRUE FALSE FALSE FALSE FALSE ...
##   ..$ auth_attempts  : int [1:40] 3 1 2 2 1 2 2 2 4 2 ...
##   ..$ client         : chr [1:40] "SSH-2.0-OpenSSH_5.6" "SSH-2.0-OpenSSH_5.6" "SSH-2.0-OpenSSH_5.6" "SSH-2.0-OpenSSH_5.6" ...
##   ..$ server         : chr [1:40] "SSH-2.0-OpenSSH_5.3" "SSH-2.0-OpenSSH_5.3" "SSH-2.0-OpenSSH_5.8p1 Debian-7ubuntu1" "SSH-2.0-OpenSSH_5.8p1 Debian-7ubuntu1" ...
##   ..$ cipher_alg     : chr [1:40] "aes128-ctr" "aes128-ctr" "aes128-ctr" "aes128-ctr" ...
##   ..$ mac_alg        : chr [1:40] "hmac-md5" "hmac-md5" "hmac-md5" "hmac-md5" ...
##   ..$ compression_alg: chr [1:40] "none" "none" "none" "none" ...
##   ..$ kex_alg        : chr [1:40] "diffie-hellman-group-exchange-sha256" "diffie-hellman-group-exchange-sha256" "diffie-hellman-group-exchange-sha256" "diffie-hellman-group-exchange-sha256" ...
##   ..$ host_key_alg   : chr [1:40] "ssh-rsa" "ssh-rsa" "ssh-rsa" "ssh-rsa" ...
##   ..$ host_key       : chr [1:40] "a5:3c:40:6e:e8:bf:5d:09:79:c8:4b:2c:65:5f:eb:12" "a5:3c:40:6e:e8:bf:5d:09:79:c8:4b:2c:65:5f:eb:12" "87:11:46:da:89:c5:2b:d9:6b:ee:e0:44:7e:73:80:f8" "87:11:46:da:89:c5:2b:d9:6b:ee:e0:44:7e:73:80:f8" ...

zeekr Metrics

Lang # Files (%) LoC (%) Blank lines (%) # Lines (%)
R 8 0.36 100 0.37 38 0.32 175 0.42
YAML 2 0.09 23 0.09 2 0.02 2 0.00
Rmd 1 0.05 12 0.04 19 0.16 30 0.07
SUM 11 0.50 135 0.50 59 0.50 207 0.50

clock Package Metrics for zeekr

Code of Conduct

Please note that this project is released with a Contributor Code of Conduct. By participating in this project you agree to abide by its terms.