generalize name
tylabs committed Jul 12, 2021
1 parent 1e9d1ca commit edf733bfc7c8dec5f1bbd818b5e7834529adbbaa
Showing with 4 additions and 4 deletions.
  1. +1 −1 CLUSTER.md
  2. +1 −1 config.zeek
  3. +2 −2 scripts/dovehawk.zeek
@@ -1,4 +1,4 @@
# Zeek Cluster Setup for Dovehawk.io
# Zeek Cluster Setup for Dovehawk

The Dovehawk Zeek module can be run in a cluster with a central manager and many remote worker's each monitoring their own local interface. You can also use a cluster locally to distribute bandwidth automatically to distribute load for monitoring traffic even up to the 10-20Gbs range on sufficient hardware.

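Review bot: the context paragraph under the renamed heading in CLUSTER.md still has "remote worker's" (should be "workers"), "10-20Gbs" (presumably Gbps), and "to distribute bandwidth automatically to distribute load", which says the same thing twice. Since this commit already edits the file, tidy that sentence in the same pass.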
@@ -24,7 +24,7 @@ export {

#skip signature download if recent
global SKIP_SIGNATURE_DOWNLOAD: bool = T;
global CLUSTER_ID = "dovehawk.io"; #source name for MISP sightings
global CLUSTER_ID = "dovehawk"; #source name for MISP sightings



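Review bot: changing the CLUSTER_ID default in config.zeek changes the value its own comment calls the source name for MISP sightings, so a deployment that kept the default will start reporting sightings as "dovehawk" where it previously reported "dovehawk.io". Anything on the MISP side that filters or groups sightings by source would split across the two names. Call this out in the commit message or CLUSTER.md so operators can pin the old value if they need continuity. While here, the declaration has no explicit type, unlike SKIP_SIGNATURE_DOWNLOAD: bool just above it; consider "global CLUSTER_ID: string = ...".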
@@ -1,4 +1,4 @@
##! Dovehawk Zeek Module V 1.02.002 2021 01 14 @tylabs dovehawk.io
##! Dovehawk Zeek Module V 1.02.002 2021 01 14 @tylabs dovehawk
# This module downloads Zeek Intelligence Framework items and Signature Framework Zeek items from MISP.
# Sightings are reported back to MISP and optionally to a Slack webhook.
# This script could be easily modified to send hits to a central database / web dashboard or to add in indicators from other sources.
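Review bot: the header line of scripts/dovehawk.zeek still reads "V 1.02.002 2021 01 14" although this commit is dated Jul 12, 2021 and changes strings the module emits. Bump the version and date in the same line so a deployed copy can be told apart from the pre-rename one.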
@@ -115,7 +115,7 @@ function load_sigs_misp() {
local f = open(tmp_fname);
local cnt = 0;
enable_raw_output(f);
print f,"# Dovehawk.io Content Signatures - Sig events should have SIG_PREFIX prefix\n\n";
print f,"# Dovehawk Content Signatures - Sig events should have SIG_PREFIX prefix\n\n";

for (line in lines) {
# don't write lines with double ## at start
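Review bot: the banner written by load_sigs_misp() prints the literal text "SIG_PREFIX" rather than a value, so someone reading the generated signature file cannot see which prefix is actually expected. If SIG_PREFIX is a configurable option, format its value into the line (for example with fmt) while this string is being edited anyway; if it is meant as a literal, say so in the banner.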
