In this video, Keith Jones (Sr. Security Researcher, Corelight) introduces a simple Python program written to help you take your Zeek ASCII tab delimited files and make them full text searchable with ElasticSearch+Kibana (or OpenSearch, if you prefer). If you don’t have a full text indexer, Keith also shows you a way to query your ASCII text logs using the power of the jq application. No additional Python libraries are required beyond the default libraries, so using this script on different types of systems is painless.
If you would like to follow along, please check out our Zeek in Action playlist on the Zeek YouTube Channel.
If you would like to discuss the video, or consider creating one yourself, please visit the Zeek community Slack workspace and join the #documentation channel.
RSS - Posts