Security-Onion-Solutions / security-onion

Security Onion 16.04 - Linux distro for threat hunting, enterprise security monitoring, and log management
https://securityonion.net

so-import-pcap: enable file-extraction #1715

Closed dougburks closed 4 years ago

dougburks commented 4 years ago

sed -i 's|^#@load file-extraction|@load file-extraction|g' /opt/zeek/share/zeek/site/local.zeek
dougburks commented 4 years ago

To test, please import a pcap that includes a Windows EXE download and then verify that the EXE was extracted to /nsm/zeek/extracted/.
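Added example, not code from the issue or from the Security Onion project: a small POSIX shell script that applies the same sed substitution to a constructed copy of local.zeek, checks that the @load line ended up active (and that running the edit twice is harmless), and wraps the verification step in a function that counts files under an extraction directory. The sample local.zeek contents, the temporary paths and the function names are assumptions made for this example; on a real sensor the file is /opt/zeek/share/zeek/site/local.zeek and the extraction directory is /nsm/zeek/extracted/.

```shell
#!/bin/sh
# Added example (not Security Onion's own code). Exercises the local.zeek
# edit from the issue against a throwaway copy so the change can be checked
# without touching a live sensor.
set -eu

# Constructed sample of a local.zeek with file-extraction still commented out.
make_sample_local_zeek() {
  f=$(mktemp)
  cat > "$f" <<'EOF'
# Constructed sample, not the real Security Onion local.zeek
@load securityonion
#@load file-extraction
@load protocols/ssl/validate-certs
EOF
  printf '%s\n' "$f"
}

# Same substitution as in the issue: uncomment the @load line in place.
enable_file_extraction() {
  sed -i 's|^#@load file-extraction|@load file-extraction|g' "$1"
}

# Prints "yes" if the file-extraction policy is loaded (line uncommented),
# "no" otherwise. Handy as a post-update check that the setting survived.
extraction_enabled() {
  if grep -q '^@load file-extraction' "$1"; then
    printf 'yes\n'
  else
    printf 'no\n'
  fi
}

# Counts files under an extraction directory (the issue's verification step:
# after importing a pcap containing an EXE download, expect a count above 0).
count_extracted() {
  dir="$1"
  [ -d "$dir" ] || { printf '0\n'; return; }
  find "$dir" -type f | wc -l | tr -d ' '
}

# Stand-alone demonstration on the constructed sample.
sample=$(make_sample_local_zeek)
echo "before: $(extraction_enabled "$sample")"
enable_file_extraction "$sample"
enable_file_extraction "$sample"   # second run is a no-op (idempotent)
echo "after:  $(extraction_enabled "$sample")"
rm -f "$sample"
```

On a real sensor, run the check functions against the live paths (/opt/zeek/share/zeek/site/local.zeek and /nsm/zeek/extracted/) after the pcap import; a count of zero with the policy reported as enabled points at the import or at the pcap lacking a file transfer rather than at the configuration.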

dougburks commented 4 years ago

Published: https://blog.securityonion.net/2020/03/elastic-687-now-available-for-security.html