Status of 3 plugins

Well here I am. Zeek 3 was released Sep 23rd, and I'm dead in the water until these are updated:

https://github.com/J-Gras/bro-af_packet-plugin
https://github.com/salesforce/ja3/tree/master/bro
https://github.com/J-Gras/intel-seen-more

if anyone has inside communication channels or some other form of digital cattle prod I'd love it if you could motivate the above to get to Zeek 3 compatibility. Truth be told I haven't even been able to start testing yet due to the missing plugins I use.

Thank you.

James

Well here I am. Zeek 3 was released Sep 23rd, and I’m dead in the water
until these are updated:

https://github.com/J-Gras/bro-af_packet-plugin

appears to work just fine.

https://github.com/salesforce/ja3/tree/master/bro

Other than a warning about using bro_init, works fine. The code that causes this looks like dead code that isn’t even used anyway, so they can just be deleted. There’s also the hosom/bro-ja3 which is a cleaned up version and works without warnings. The test suite it includes fails to run properly (fixable btest issues), but installing anyway results in a functional package.

https://github.com/J-Gras/intel-seen-more

Looks like this hits the issue where it depends on bro/something which are now all zeek/something I fixed this in one of my packages by just deleting the “bro/” part of the dependency but I think this is more a migration issue that zkg could help resolve.

if anyone has inside communication channels or some other form of
digital cattle prod I’d love it if you could motivate the above to get
to Zeek 3 compatibility. Truth be told I haven’t even been able to
start testing yet due to the missing plugins I use.

Well, 2 out of the 3 already work, and one just needs a minor update that I’m sure Jan would be happy to make if someone had just told him about it.

All of them seem to work fine here on Zeek 3 pre-release.

https://github.com/J-Gras/intel-seen-more

Looks like this hits the issue where it depends on bro/something which are now all zeek/something I fixed this in one of my packages by just deleting the "bro/" part of the dependency but I think this is more a migration issue that zkg could help resolve.

The issue is already fixed in master since June. I just forgot to tag a new release.

Well, 2 out of the 3 already work, and one just needs a minor update that I'm sure Jan would be happy to make if someone had just told him about it.

True :slight_smile:

Jan

Thank you!