Analyzing files within Zeek scripts

Mayara · September 5, 2024, 9:43pm

Hello, I have interest in making an analysis in which, whenever dns_request event is triggered, the query is compared to other queries, present in a file. In this sense, I would like to know how to make a sequencial read of a file, present in a local directory, in a Zeek script, in order to make the type of comparison I am aiming to do.

I have been reading the documentation about file analysis, however, I am having some difficulties in understand how could I extract the data in a sequencial way and then take further actions based on them.

Vern · October 3, 2024, 6:34pm

The idiomatic way to do this in Zeek would be to read the file into a set or table using the Input Framework, and then compare the query to that, rather than trying to read elements from the file once per query, which will be difficult to make efficient.

Topic		Replies	Views
File events question Zeek	3	163	May 6, 2022
Zeek - Usecase based File Extraction Zeek	3	98	May 6, 2022
Scripting for parsing file names from a directory Zeek	1	266	June 23, 2022
File extraction of TLS traffic Zeek	2	218	November 21, 2022
Does the file analysis framework support analyzing files over POP3? Zeek	1	122	May 6, 2022

Analyzing files within Zeek scripts

Related Topics