What version of Zeek is going to map to ECS?

Just curious what version of Zeek is going to have the ECS mapping?

Thank you,

Hi Don,

Assuming you’re using Filebeat’s Zeek module, it looks like ECS mapping is supported as of Zeek 2.6.1 (https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-module-zeek.html). This GitHub PR (https://github.com/elastic/beats/pull/17738) references an update to the Zeek module to support ECS 1.5 (latest).

I have Zeek 3.1.4 sending logs to Elasticsearch 7.8 and can confirm that fields appear to be mapped properly.

Hope that helps!

If you have other avenues in mind, see also: