Maybe this is a stupid question, but is it possible to test only Spicy analyzers in a standalone Zeek installation? I would like to test these analyzers before deploying them in our Zeek cluster, using a standalone Zeek instance with minimal default Zeek analyzers.
Hmm, not easily I think. Two ideas:
You could run in bare mode ("-b"), which then won’t pull in any default scripts and hence effectively disables the default analyzers. However, it disables everything else as well, so you’d need to pick and choose which scripts you want.
You can turn off individual analyzers from inside zeek_init(), but would need to iterate through them all. Example for disabling an analyzer here: https://github.com/zeek/spicy-analyzers#configuration (that’s for disabling a Spicy analyzer, but works the same for default ones)
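
A sketch of the second idea, added here as an example and not taken from the thread or from the spicy-analyzers repository: it walks the analyzers that have registered well-known ports and disables every one whose name does not match a keep pattern. The module name `SpicyOnly`, the option `keep_pattern`, and the assumption that the Spicy analyzers under test report names starting with `SPICY_` are illustrative; adjust them to what your build reports.

```zeek
# Added example (not from the thread): leave only selected analyzers enabled
# on a standalone test instance.
module SpicyOnly;

export {
	## Analyzer names, as returned by Analyzer::name(), to leave enabled.
	## Assumption: the Spicy analyzers under test have names beginning
	## with "SPICY_"; redef this if yours are named differently.
	const keep_pattern = /^SPICY_/ &redef;
}

# Negative priority so this runs after the zeek_init handlers that register
# the analyzers' well-known ports.
event zeek_init() &priority=-10
	{
	local kept: vector of string = vector();
	local disabled = 0;

	for ( tag in Analyzer::all_registered_ports() )
		{
		local name = Analyzer::name(tag);

		if ( keep_pattern in name )
			{
			kept += name;
			next;
			}

		# disable_analyzer() returns T when the analyzer was turned off.
		if ( Analyzer::disable_analyzer(tag) )
			++disabled;
		}

	# Printed once at startup so the test run records what stayed enabled.
	print fmt("disabled %d port-registered analyzers; kept: %s",
	          disabled, join_string_vec(kept, ", "));
	}
```

This only reaches analyzers that register ports; an analyzer activated purely through DPD signatures does not appear in `Analyzer::all_registered_ports()` and still has to be disabled by tag, as in the linked README.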