This package provides extensions for Zeek's intelligence framework. It implements the following functionalities:
- Remote management of intelligence items (using broker).
- Preservation of files associated with an intel hit.
- Intelligence expiration on per item basis. Per item expiration has been moved to a separate package.
- Support for `<IP>:<Port>` indicators has been moved to a separate package.

The scripts are available as a package for the Zeek Package Manager and can be installed using the following command:

```
zkg install intel-extensions
```

None of the scripts is loaded by default, i.e. `zkg load intel-extensions` does not enable any functionality. To load all scripts, add the following to your

```
@load packages
@load packages/intel-extensions/remote_control.zeek
@load packages/intel-extensions/preserve_files.zeek
```