Zeek Integration

[mavam]

Zeek provides in-depth network visibility and comes with flexible runtime to control traffic processing. The Zeek App taps into subsets of Zeek's telemetry stream and injects threat intel deep into the runtime.

:100: Definition of Done

• [ ] The app's attached VAST node ingests Zeek logs
• [ ] The fabric subscribes to notices and publishes them as alerts

[dominiklohmann]

Closing as we are not currently pursuing this.