Last active
April 19, 2020 21:54
-
-
Save Zobber/52efea704a933f1c9f9fc067b68e862e to your computer and use it in GitHub Desktop.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| zq -f text "cut ts,id.orig_h,id.orig_p,conn_state,history,orig_ip_bytes,resp_ip_bytes" conn.log;zq "sum(orig_bytes)" conn.log;zq "avg(orig_bytes)" conn.log;zq "history="D"|count ()" conn.log | |
| #Zeekurity Zeek_IDS. Remote Windows Network audit. (SSH). | |
| ssh [email protected] -p2223 ..... zeek -S -Q -C -r - -e 'redef LogAscii::use_json=T;' local.bro bro-scripts/scripts/geo/geo policy/frameworks/files/extract-all-files.bro | |
| watch -n2 -c 'tree -aJhD| jq . | ccze -A' | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment