acquire
Collect Zeek logs on Windows
(Path to be supplied)
Zeek will be implemented in Windows Defender, so it will run on all endpoints.
I remember looking into this a while ago, but it seems that the Zeek part of Defender publishes these network events via Windows Event Tracing (ETW) to some kind of broker within Defender, which then forwards some of the events as telemetry to MSFT. I couldn't find local files containing network logging (e.g. the conn.log, ssl.log) that you would expect in normal circumstances on disk.