Open TOoSmOotH opened 2 years ago
At a quic glance, it looks like https://github.com/salesforce/GQUIC_Protocol_Analyzer is not yet compatible with Zeek 4.0:
https://github.com/salesforce/GQUIC_Protocol_Analyzer/pull/12
https://github.com/salesforce/GQUIC_Protocol_Analyzer/pull/14
https://github.com/corelight/zeek-quic may be more current.
Punny! 😂
Are there any plans to implement this?
Are there any plans to implement this?
I think the latest Zeek version it supports is 4.1. If the author updates it to support Zeek 6 then we can consider it.
Looks like they are planning on putting it into core.
QUIC v1 INITIAL packet parsing now included in Zeek v6.1, handling of v2 INITIAL packets added in v6.2. https://github.com/zeek/zeek/blob/master/NEWS
Security Onion v2.4.70 includes Zeek v6.0.4.
Discussed in https://github.com/Security-Onion-Solutions/securityonion/discussions/6916