Requires Python 3.7
PCAP Flow
pip install -r requirements.txt
export FLASK_APP=pcapagent.py
export FLASK_DEBUG=1
flask run
docker build . -t securityonion-pcapagent
sudo docker-compose up -d
### PCAP Agent
- The agent checks in every X seconds looking for jobs via `GET /getjobs`
### PCAP Server
- Use the ESID to pull the PCAP
- Replace capme with bro (ESID)
- Needs to be able to connect to Elastic
- Limit the size of the transcript
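The agent's check-in cycle and the server-side notes above (pull by ESID, cap the transcript) sketched as one poll iteration. This is an added example, not code from this repository: the job shape `{"esid": ..., "max_bytes": ...}`, the ESID character set, the 1 MiB default cap and the injected `get_jobs` / `transcript_for_esid` callables are all assumptions so it runs offline.

```python
import json
import re
import time
from typing import Callable, Dict, List

# Assumed job shape: {"esid": "<Elasticsearch doc id>", "max_bytes": 1048576}.
# The ESID is assumed to be a plain URL-safe token; it is validated before
# it is ever used to build an Elastic query or a file name.
ESID_RE = re.compile(r"^[A-Za-z0-9_-]{1,64}$")
DEFAULT_TRANSCRIPT_LIMIT = 1024 * 1024  # assumed 1 MiB cap per transcript


def validate_job(job: Dict) -> bool:
    """Accept only jobs with a token-shaped ESID and a sane size limit."""
    esid = job.get("esid")
    if not isinstance(esid, str) or not ESID_RE.match(esid):
        return False
    limit = job.get("max_bytes", DEFAULT_TRANSCRIPT_LIMIT)
    return isinstance(limit, int) and 0 < limit <= DEFAULT_TRANSCRIPT_LIMIT


def cap_transcript(transcript: bytes, limit: int) -> bytes:
    """Enforce the transcript size limit before the result leaves the agent."""
    if len(transcript) <= limit:
        return transcript
    return transcript[:limit] + b"\n[truncated]"


def poll_once(get_jobs: Callable[[], bytes],
              transcript_for_esid: Callable[[str], bytes]) -> List[Dict]:
    """One GET /getjobs cycle: parse, validate, pull per ESID, cap the size.
    Both callables are injected (hypothetical) so the cycle runs without a server."""
    try:
        jobs = json.loads(get_jobs())
    except (ValueError, OSError):
        return []  # malformed body or unreachable server: skip this cycle
    results = []
    for job in jobs if isinstance(jobs, list) else []:
        if not validate_job(job):
            continue  # never query Elastic with an unvalidated id
        limit = job.get("max_bytes", DEFAULT_TRANSCRIPT_LIMIT)
        body = cap_transcript(transcript_for_esid(job["esid"]), limit)
        results.append({"esid": job["esid"], "transcript": body})
    return results


def run_agent(get_jobs, transcript_for_esid, interval_s: float, cycles: int) -> None:
    """Check in every interval_s seconds for a fixed number of cycles."""
    for _ in range(cycles):
        poll_once(get_jobs, transcript_for_esid)
        time.sleep(interval_s)
```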