We posted this yesterday: <https://zeek.org/2020/0...
# zeekr
Robin Sommer
03/24/2020, 7:31 AMWe posted this yesterday: https://zeek.org/2020/03/23/announcing-the-zeek-agent. Many thanks to @alessandrogario and Trail of Bits for their great work pulling this together!
s
stefanmaerz
03/24/2020, 12:29 PMIs this a fork of osquery built specifically to integrate with Zeek?
a
alessandrogario
03/24/2020, 12:29 PM
No, it works with standard osquery!
alessandrogario
03/24/2020, 12:30 PM
If there's anything that doesn't work with upstream binaries let us know and we'll open an issue 🙂
s
stefanmaerz
03/24/2020, 12:30 PMyes, helps if i read the artcle first 'Eventually, this process evolved into a clean rewrite to produce an entirely new agent that can operate both in a standalone fashion and with osquery.' 🙂
stefanmaerz
03/24/2020, 12:37 PMI'm definitely intrigued by this. Contextualizing and correlating network log sources is something i'm working on right now.
Is the idea behind this the same as the original bro-osquery project back in the day? Where Zeek can ask the endpoint for host (process/user) data to contextualize network logs? If so that is 🔥🔥🔥
a
alessandrogario
03/24/2020, 7:03 PM
Yes, something like that 🙂
🔥 1
6 Views