Hello there,
I was wondering if there's a way to update the signature database in Zeek 2.5.3 without updating to a newer version of Zeek.
V/R
Charles S. Garbag
Do you mean the Team Cymru malware hashes? If so, I believe the database is not stored on disk but instead those are network (DNS TXT record) lookups. The Zeek scripting examples actually walk through that one at https://docs.zeek.org/en/stable/examples/scripting/.
Hi,
> I was wondering if there's a way to update the signature database in Zeek
> 2.5.3 without updating to a newer version of Zeek.
What exactly do you mean by the signature database?
Zeek is not really signature centric like other projects - and does not
come with an internal database of attack signatures (or similar) - hence
the question :).
If you install additional scripts that perform detection (e.g. from
bro-pkg) - a lot of them will run on several versions of Zeek.
Johanna