Skip to content
This repository has been archived by the owner on Apr 1, 2024. It is now read-only.

Community ID support #36

Closed
philrz opened this issue Sep 4, 2020 · 1 comment · Fixed by #43
Closed

Community ID support #36

philrz opened this issue Sep 4, 2020 · 1 comment · Fixed by #43
Assignees
@nwt
Labels
community Epic

Comments

@philrz
Copy link

philrz commented Sep 4, 2020
edited

We'd like to enhance the Zeek artifact that's bundled with Brim to add the Community ID field to conn records. This will allow for joining with other data sources, such as Suricata (brimdata/zed#1211).
@philrz philrz added the Epic label Sep 4, 2020
@nwt nwt mentioned this issue Oct 6, 2020
Merged
@nwt nwt closed this as completed in #43 Oct 7, 2020
@philrz
Copy link
Author

philrz commented Oct 9, 2020

Verified in Brim commit e15e557, which includes bundled Zeek release artifact v3.2.1-brim2.

Per the attached video, now when a pcap is dragged into Brim, the community_id field of the Zeek conn records is populated.

Verify.zip

Thanks @nwt!

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@nwt nwt

Labels
community Epic
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Add corelight/zeek-community-id package brimdata/zeek
2 participants
@nwt @philrz