Closed dougburks closed 4 years ago
Confirmed sostat contains no instance of [Bb]ro other than the following lines that are cleaned up from the zeekctl response:
sostat
[Bb]ro
zeekctl
su sguil -c '/opt/zeek/bin/zeekctl netstats 2>&1 | grep -v "Warning: ZeekControl plugin uses legacy BroControl API. Use" | grep -v "import BroControl.plugin" | grep -v "^$" ' > $TMP
Looks good 👍
Published: https://blog.securityonion.net/2020/02/zeek-301-elastic-686-and-cyberchef-9120.html
dougburks
commented
4 years ago dougburks
commented
4 years ago
Confirmed
sostatcontains no instance of[Bb]roother than the following lines that are cleaned up from thezeekctlresponse:su sguil -c '/opt/zeek/bin/zeekctl netstats 2>&1 | grep -v "Warning: ZeekControl plugin uses legacy BroControl API. Use" | grep -v "import BroControl.plugin" | grep -v "^$" ' > $TMPLooks good 👍