Skip to content

dopheide-esnet/zeek-known-outbound

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

3 Commits
scripts
scripts
 
 
tests
tests
 
 
.gitignore
.gitignore
 
 
COPYING
COPYING
 
 
README.md
README.md
 
 
zkg.meta
zkg.meta
 
 

Repository files navigation

zeek-known-outbound

Requires zeek built against libmaxmind and GeoIP databases (typically GeoLite2)

This script provides the ability to track and alert on outbound service usage to a list of 'watched' countries. It also adds the country codes for your orig and resp in conn.log. To help reduce repeated entries, it uses a persistent Broker data store.

You may want to redefine the list of watched countries: redef Known::outbound_watch_countries += {"XX","YY","ZZ"};

"Outbound" is determined by your Site::local_nets or networks.cfg.

About

No description, website, or topics provided.

Resources

Readme

License

View license
Activity

Stars

7 stars

Watchers

3 watching

Forks

1 fork
Report repository

Releases

No releases published

Packages

No packages published

Contributors 2

  •  
  •  

Languages