Skip to content

Feature/zeek integration #88

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 50 commits into
base: develop
Choose a base branch
from
Open

Feature/zeek integration #88

wants to merge 50 commits into from

Conversation

maldwg
Copy link
Collaborator

@maldwg maldwg commented Sep 24, 2025

No description provided.

maldwg added 30 commits June 27, 2025 13:34
@maldwg
Commit first draft
46973ea
@maldwg
Finish first draft for integrating zeek
c685af1
@maldwg
made kafka work with external addresses also
3c9d5d4
@maldwg
complete and fix tests
3a047b1
@maldwg
fix zeek handler for multiple kafka topics
f37b9ec
@maldwg
add configuration for dns payload size
a5b26e6
@maldwg
adapt logserver to work with multiple topics
0f83370
@maldwg
Adapt logcollector and batch handler to work with new topic design
ea0acef
@maldwg
Fix some remaining timestamp key issues
8070f02
@maldwg
begin work on prefilter
cff6d16
@maldwg
fixed collector again
3f3bf73
@maldwg
added prefilter for new layout with some technical debt
7a7abc8
@maldwg
add first draft until detector
7282b65
@maldwg
finish all modules first drafts
250323d
@maldwg
Add kafka topic exporter
9ac2678
@maldwg
finish first draft for zeek!
ee4164a
@maldwg
first draft for batch-tree
92a514e
@maldwg
fix dashboard for latencies
f652435
@maldwg
update dashboard and fix loglines count again
f368e85
@maldwg
finish monitoring metrics for latencies
977fc2b
@maldwg
format everything
75e8d30
@maldwg
fix kafka tests
5385eda
@maldwg
begin reworking the logserver teste
79e4a27
@maldwg
finish logserver tests
13e1ba7
@maldwg
fix log collector instance tests
513be82
@maldwg
adapt prefilter tests for now
c6cb54a 
TODO: missing still new tests and replacement tests
@maldwg
fix loglinehandler and add relevance handler tests
40096c5
@maldwg
add prefilter tests
aa70188
@maldwg
finish correcting tests for now
a503d36
@maldwg
correct last logcollector test
8c69182
maldwg added 18 commits August 15, 2025 12:05
@maldwg
Create abstract detector base class
f92ea5d
@maldwg
fix inspector tests
ea68d32
@maldwg
Update documentation for loglinehandler and check for untested code
c050ecb
@maldwg
finish zeek tests and documentation
d84eda5
@maldwg
finish logserver tests
dbb21f4
@maldwg
Add comments for utils and finish tests
3545087
@maldwg
Finish documentation and test implementation for the logcollector and…
93c301a 
… batch handler
@maldwg
Fix prefilter nd document code
e75c81f
@maldwg
Finish inspector tests and documentation
4c784c9
@maldwg
Add code documentation for the detector
0b5188e
@maldwg
adapt the grafana dashboard
48c9542
@maldwg
Finish tests for detector stage
8195ebc
@maldwg
first adjustments in documentation
3b8f6e4
@maldwg
finish first part of documentation
2b308ea
@maldwg
Integrate scaler changes: TODO: correct tests
fb117dc
@maldwg
Finish documentation adpatations
1c38488
@maldwg
Finish tests for detector
d71a8eb
@maldwg
fix small zeek configs and detector cheksum
9aef480
@maldwg
Copy link
Collaborator Author

maldwg commented Sep 24, 2025

Feel free to have a look at the changes and if you have any comments for improvements or spotted an error or something missing, just say it :)

@maldwg
Copy link
Collaborator Author

maldwg commented Sep 24, 2025

current Todos:

  • remove examplary configs from confg.yaml
  • Evaluate if we want to allow zeek to also process CSV data and not only PCAP/live traffic
  • Remove test_pcaps and add it to .gitignore to not blow up the repository
  • "Fix" response_ip for logcollector: Issue is that the current data does not feature frequently loglines with this property that's why it is commented out

@stefanDeveloper stefanDeveloper added the enhancement New feature or request label Sep 24, 2025
@stefanDeveloper stefanDeveloper added this to the Full IDS milestone Sep 24, 2025
@stefanDeveloper stefanDeveloper linked an issue Sep 26, 2025 that may be closed by this pull request
Future Release: Full IDS support for more protocols #62
Open
@stefanDeveloper
Copy link
Owner

Nice! Major improvement :)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@stefanDeveloper stefanDeveloper Awaiting requested review from stefanDeveloper

@lamr02n lamr02n Awaiting requested review from lamr02n

Assignees

@maldwg maldwg

Labels
enhancement New feature or request
Projects
None yet
Milestone
Full IDS
Development

Successfully merging this pull request may close these issues.

Future Release: Full IDS support for more protocols
2 participants
@maldwg @stefanDeveloper