Adding LDAP or any zeek script to SO #13840
-
|
Good afternoon All, I have been trying to figure out how to add LDAP to the zeek configuration. I have read through the SO docs but can't quite grasp if I need to add the zeek LDAP script to the SO instance, and if so, where to put it and how to add it correctly to the SO configuration in zeek > config > local > load I have tried just adding protocols/ldap to the list, but I get I am currently running version 2.4.10 Thanks for any and all help! |
Beta Was this translation helpful? Give feedback.
Replies: 1 comment 3 replies
-
|
I don't believe you can add parsers to Zeek, because they would need to be included in the so-zeek container image. Do you have a link to this LDAP parser? |
Beta Was this translation helpful? Give feedback.
-
|
It looks like it is part of the standard zeek implementation. Zeek-LDAP |
Beta Was this translation helpful? Give feedback.
-
|
I don't think that was added until Zeek 6.1 -- Security Onion currently ships with 6.0.8. It should be added when the Zeek container is next updated for the platform. |
Beta Was this translation helpful? Give feedback.
-
|
Very good! I will wait patiently. |
Beta Was this translation helpful? Give feedback.
I don't think that was added until Zeek 6.1 -- Security Onion currently ships with 6.0.8. It should be added when the Zeek container is next updated for the platform.