September 28, 2020

Introducing PcapMonkey

An easy way to analyze pcap using the latest version of Suricata and Zeek

image

PcapMonkey is a project that will provide an easy way to analyze pcap using the latest version of Suricata and Zeek.

It can also save Suricata and Zeek logs in Elasticsearch using the new Elasticsearch Common Schema or the original field names. PcapMonkey uses official docker containers (when available) for most images and aims to be easy and straightforward to use.

Features

  • PcapMonkey let's you run one or multiple pcaps and imports all logs to elasticsearch.
  • PcapMonkey keeps the "official" Zeek and Suricata fields names so you can look them up on the official documentation
  • It let you edit directly Suricata and Zeek configuration and scripts so you can test quickly new features
  • PcapMonkey comes with some very useful Zeek scripts like Ja3 and File extractor
  • It's possible to enable logging in ECS to leverage all ElasticSerch SIEM features
  • Let's you import also windows event files (BETA)
 Federico Foschini

Subscribe

Sign up to our newsletter

Clicking Submit, I agree to the use of my personal data in accordance with Certego Privacy Policy. Certego will not sell, trade, lease, or rent your personal data to third parties.

Services
Platform
Resources
Company
ISO 9001
Copyright © 2024 www.certego.net
Certego S.R.L. · P.I. 03517100362
Certego S.R.L.
Address: Via F. Lamborghini 81, 41121 Modena (MO)