PACKAGES

zeek's package manager is used to install third-party scripts and plugins that extend zeek's functionality. the package manager is a built-in command, "zkg", and users can use it to install, load, remove, update and create packages. once packages are installed, there are three methods that can be used to call/use them:

  1. as a framework

  2. from a script with the "@load" method

  3. calling their package names

    1. note that this method works only for packages installed with the "zkg" install method.

#calling a package as a framework - this method calls a framework per usage (not scalable)
root@dco:~$ zeek -Cr http.pcap /opt/zeek/share/zeek/site/zeek-sniffpass

#calling packages via the @load method - this method is SCALABLE and can use multiple frameworks at once
root@dco:~$ cat sniff-demo.zeek
 @load /opt/zeek/share/zeek/site/zeek-sniffpass
 @load policy/frameworks/intel/seen
 
#calling packages via package name - not recommended
root@dco:~$ zeek -Cr http.pcap zeek-sniffpass 
