zeek-oui

Zeek script to enable OUI logging in the conn log

Setting up

Download the script to your zeek host

wget https://raw.githubusercontent.com/iamckn/zeek-oui/master/oui-logging.zeek
sudo mv oui-logging.zeek /usr/local/zeek/share/zeek/policy/protocols/conn/

Download your oui mapping file to your zeek host

wget https://raw.githubusercontent.com/iamckn/zeek-oui/master/oui.dat
sudo mv oui.dat /usr/local/zeek/share/zeek/policy/protocols/conn/

Load the script by editing the file - /usr/local/zeek/share/zeek/site/local.zeek

@load policy/protocols/conn/oui-logging

Name		Name	Last commit message	Last commit date
Latest commit History 5 Commits
README.md		README.md
oui-logging.zeek		oui-logging.zeek
oui.dat		oui.dat
oui.py		oui.py

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

README.md

README.md

oui-logging.zeek

oui-logging.zeek

oui.dat

oui.dat

oui.py

oui.py

Repository files navigation

zeek-oui

Setting up

About

Releases

Packages

Languages

iamckn/zeek-oui

Folders and files

Latest commit

History

Repository files navigation

zeek-oui

Setting up

About

Resources

Stars

Watchers

Forks

Languages