nfr icon indicating copy to clipboard operation
nfr copied to clipboard
verified publisher icon alphasoc

Send "service" column from zeek logs

Open tg opened this issue 5 years ago • 0 comments

Zeek IP logs (conn.log) contain "service" column with application protocol, if detected. We can find values like "dns" or "ssl" in there. We should send it upstream as an "app" field.

tg avatar Jan 15 '20 12:01 tg