Zeek Network Security Monitor Dockerfile
```sh
$ docker images
REPOSITORY      TAG      SIZE
blacktop/zeek   latest   39MB
blacktop/zeek   3.0      39MB
blacktop/zeek   elastic  101MB
blacktop/zeek   kafka    46.9MB
blacktop/zeek   zeekctl  84MB
```
- Install Docker.
- Download trusted build from public Docker Registry:
```sh
docker pull blacktop/zeek
```
```sh
$ wget https://github.com/blacktop/docker-zeek/raw/master/pcap/heartbleed.pcap
$ wget https://github.com/blacktop/docker-zeek/raw/master/3.0/local.zeek
# Mounting local.zeek over the image's site policy loads all default modules.
# (The comment is kept off the continuation line: "\ # ..." would escape the
#  space instead of the newline and split the command in two.)
$ docker run --rm \
    -v `pwd`:/pcap \
    -v `pwd`/local.zeek:/usr/local/zeek/share/zeek/site/local.zeek \
    blacktop/zeek -r heartbleed.pcap local "Site::local_nets += { 192.168.11.0/24 }"
```
```sh
$ ls -l
-rw-r--r--  1 blacktop  staff   635B Jul 30 12:11 conn.log
-rw-r--r--  1 blacktop  staff   754B Jul 30 12:11 files.log
-rw-r--r--  1 blacktop  staff   384B Jul 30 12:11 known_certs.log
-rw-r--r--  1 blacktop  staff   239B Jul 30 12:11 known_hosts.log
-rw-r--r--  1 blacktop  staff   271B Jul 30 12:11 known_services.log
-rw-r--r--  1 blacktop  staff    17K Jul 30 12:11 loaded_scripts.log
-rw-r--r--  1 blacktop  staff   1.9K Jul 30 12:11 notice.log            <====== NOTICE
-rw-r--r--  1 blacktop  staff   253B Jul 30 12:11 packet_filter.log
-rw-r--r--  1 blacktop  staff   1.2K Jul 30 12:11 ssl.log
-rw-r--r--  1 blacktop  staff   901B Jul 30 12:11 x509.log
```
```sh
$ cat notice.log | awk '{ print $11 }' | tail -n4
Heartbleed::SSL_Heartbeat_Attack
Heartbleed::SSL_Heartbeat_Odd_Length
Heartbleed::SSL_Heartbeat_Attack_Success
```
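A more robust way to tally the notice types than `awk '{ print $11 }'`, added here as an example that is not part of the docker-zeek README: it resolves the `note` column from the log's own `#fields` header, so it keeps working when extra fields shift the column positions. The notice.log it writes is a constructed sample, not output of the pcap run above.

```sh
#!/bin/sh
# Added example, not from the docker-zeek README: tally Zeek notice types by
# resolving the "note" column from the log's own "#fields" header rather than
# hard-coding "$11" as the README's awk one-liner does.

# Write a constructed notice.log in Zeek's TSV layout to the path in $1.
# The columns are trimmed to what the demo needs, so "note" is NOT column 11
# here, which is exactly the layout a hard-coded field index would misread.
write_sample_notice_log() {
  {
    printf '%s\n' '#separator \x09'
    printf '#fields\tts\tuid\tid.resp_h\tproto\tnote\tmsg\n'
    printf '#types\ttime\tstring\taddr\tenum\tenum\tstring\n'
    printf '1398384100.5\tCbE4Q3a\t192.168.11.5\ttcp\tHeartbleed::SSL_Heartbeat_Attack\tconstructed msg 1\n'
    printf '1398384100.6\tCbE4Q3a\t192.168.11.5\ttcp\tHeartbleed::SSL_Heartbeat_Odd_Length\tconstructed msg 2\n'
    printf '1398384100.7\tCbE4Q3a\t192.168.11.5\ttcp\tHeartbleed::SSL_Heartbeat_Attack_Success\tconstructed msg 3\n'
    printf '1398384101.0\tCbE4Q3a\t192.168.11.5\ttcp\tHeartbleed::SSL_Heartbeat_Attack\tconstructed msg 4\n'
    printf '%s\n' '#close 2014-04-25-00-00-00'
  } > "$1"
}

# Print one "<count><TAB><note>" line per notice type found in the log at $1,
# sorted by note name. Header (#...) lines are skipped once "note" is located.
zeek_notice_counts() {
  awk -F'\t' '
    /^#fields/ { for (i = 2; i <= NF; i++) if ($i == "note") col = i - 1; next }
    /^#/       { next }
    col        { counts[$col]++ }
    END        { for (n in counts) printf "%d\t%s\n", counts[n], n }
  ' "$1" | LC_ALL=C sort -k2
}

# Run on a real notice.log given as $1 (e.g. the one produced by the docker run
# above), or on the constructed sample when invoked with no arguments.
log=${1:-}
if [ -z "$log" ]; then
  log=$(mktemp)
  write_sample_notice_log "$log"
fi
zeek_notice_counts "$log"
```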
Find a bug? Want more features? Find something missing in the documentation? Let me know! Please don't hesitate to file an issue and I'll get right on it.
MIT Copyright (c) 2018 blacktop