alphasoc / nfr

A lightweight tool to score network traffic and flag anomalies
https://alphasoc.com

Send "service" column from zeek logs #75

Open tg opened 4 years ago

tg commented 4 years ago

Zeek IP logs (conn.log) contain a "service" column with the application protocol, if detected. We can find values like "dns" or "ssl" in there. We should send it upstream as an "app" field.
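An added sketch of the mapping the issue proposes (not code from nfr or from the issue author): it reads Zeek's TSV conn.log, finds `service` by name in the `#fields` header, and copies it into an `App` field. The `IPEvent` type, the function name and the sample log are assumptions made for this example; only the "service" column and the "app" field name come from the issue.

```go
package main

import (
	"bufio"
	"fmt"
	"strings"
)
// IPEvent is a hypothetical upstream record; only the "app" name comes from the issue.
type IPEvent struct{ SrcIP, DstIP, Proto, App string }

// Constructed conn.log sample in Zeek TSV format (columns trimmed for brevity).
const sampleConnLog = "#separator \\x09\n#unset_field\t-\n" +
	"#fields\tts\tid.orig_h\tid.resp_h\tproto\tservice\n" +
	"1600000000.1\t10.0.0.5\t10.0.0.1\tudp\tdns\n" +
	"1600000001.2\t10.0.0.5\t192.0.2.10\ttcp\tssl\n" +
	"1600000002.3\t10.0.0.5\t192.0.2.20\ttcp\t-\n"

// ParseConnLog maps "service" to App; an unset value or missing column yields "".
func ParseConnLog(data string) (events []IPEvent, err error) {
	unset, col := "-", map[string]int{}
	sc := bufio.NewScanner(strings.NewReader(data))
	for sc.Scan() {
		line := sc.Text()
		f := strings.Split(line, "\t")
		get := func(name string) string {
			i, ok := col[name]
			if !ok || i >= len(f) || f[i] == unset {
				return ""
			}
			return f[i] // value is passed through verbatim
		}
		switch {
		case f[0] == "#fields":
			for i, name := range f[1:] {
				col[name] = i
			}
		case f[0] == "#unset_field" && len(f) > 1:
			unset = f[1]
		case line == "" || strings.HasPrefix(line, "#"): // other header/footer lines
		default:
			events = append(events, IPEvent{get("id.orig_h"), get("id.resp_h"), get("proto"), get("service")})
		}
	}
	return events, sc.Err()
}

func main() {
	events, err := ParseConnLog(sampleConnLog)
	fmt.Printf("%+v %v\n", events, err)
}
```

Looking the column up by header name rather than by fixed position keeps the mapping correct when a log has a different field order or no `service` column at all.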