% Generated by roxygen2: do not edit by hand
% Please edit documentation in R/zeek-redefs.R
\name{zeek_redefs}
\alias{zeek_redefs}
\title{(WIP) Common \code{redef}initions for Zeek when processing PCAPs}
\description{
Zeek is great out-of-the-box, but you may need to tweak its behavior
every now and then to perform analyses on the Zeek logs.
}
\details{
\itemize{
\item \verb{redef Log::default_scope_sep = "_"} will turn dots ("\code{.}") in column
names into underscores ("\verb{_}"). This will make many "big data" environments
much more pleasant to deal with.
\item \verb{redef FileExtraction::path = "/some/where/else"} will reconfigure where
Zeek's output files go.
\item \verb{redef FTP::default_capture_password = T} will turn off Zeek's default
masking of FTP passwords, so they are logged in cleartext.
\item \verb{redef HTTP::default_capture_password = T} will make Zeek capture HTTP
passwords, which it does not do by default.
\item \verb{redef Intel::read_files += \{ "/opt/zeek_file_badlist.txt" \}} will load in
custom IoCs (see the \href{https://docs.zeek.org/en/master/frameworks/intel.html}{Intelligence Framework}
for more info).
}
}
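With the two \code{default_capture_password} redefs on, the resulting logs hold cleartext credentials, so they are normally scrubbed before leaving the analysis host. The Python sketch below is an added example, not code from this package: it parses a Zeek TSV log, checks that the \verb{_} scope separator took effect, and masks the \code{password} column. The sample log is constructed and trimmed to a few columns, and the function names are hypothetical.

```python
# Constructed sample: trimmed ftp.log written with the scope_sep and FTP redefs on.
SAMPLE_FTP_LOG = "\n".join([
    "#separator \\x09",
    "#fields\tts\tuid\tid_orig_h\tid_resp_h\tuser\tpassword\tcommand",
    "#types\ttime\tstring\taddr\taddr\tstring\tstring\tstring",
    "1700000000.000000\tCabc123\t192.0.2.10\t198.51.100.7\talice\ts3cr3t!\tRETR",
    "1700000001.000000\tCdef456\t192.0.2.11\t198.51.100.7\tbob\t-\tLIST",
])


def parse_zeek_tsv(text):
    """Parse a Zeek TSV log into (field names, list of row dicts)."""
    sep, fields, rows = "\t", [], []
    for line in text.splitlines():
        if line.startswith("#separator "):
            # The header spells the separator as an escape such as \x09.
            sep = line.split(" ", 1)[1].encode().decode("unicode_escape")
        elif line.startswith("#fields"):
            fields = line.split(sep)[1:]
        elif line and not line.startswith("#"):
            values = line.split(sep)
            if len(values) != len(fields):
                raise ValueError("column count does not match #fields header")
            rows.append(dict(zip(fields, values)))
    return fields, rows


def dotted_columns(fields):
    """Column names still containing '.', i.e. the scope_sep redef was not applied."""
    return [name for name in fields if "." in name]


def redact(rows, unset="-", sensitive=("password",)):
    """Return copies of rows with every set value in a sensitive column masked."""
    cleaned = []
    for row in rows:
        row = dict(row)
        for name in sensitive:
            if row.get(name, unset) != unset:  # "-" is Zeek's default unset marker
                row[name] = "<redacted>"
        cleaned.append(row)
    return cleaned


if __name__ == "__main__":
    fields, rows = parse_zeek_tsv(SAMPLE_FTP_LOG)
    print("dotted columns:", dotted_columns(fields))
    for row in redact(rows):
        print(row["id_orig_h"], row["user"], row["password"])
```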