
Roadmap

Open rsmmr opened this issue 2 years ago • 3 comments

The following is a list of functionality that's on the radar for future versions of the Zeek Agent. Not everything is committed to, or planned out yet; this is primarily a record of ideas. Feedback welcome, just leave comments in this ticket.

Configuration/Deployment/Usage

  • [ ] Auto-discovery of upstream Zeek connectivity
  • [ ] Communication proxy aggregating and relaying messages
  • [ ] Local configuration file (already exists, not yet finalized & documented)
  • [ ] Remote agent configuration (other than queries)
  • [ ] Provide user-accessible audit log of requested/transmitted information (simple logging in place already)
  • [ ] Option to allow the user to filter data returned by the agent
  • [x] Switch upstream communication to WebSocket protocol, and remove Broker (#43)

Tables

  • Evented versions of current tables through OS-specific APIs
    • [x] Processes
    • [ ] File modifications
    • [x] Network connections / sockets
  • [ ] Windows system registry modifications
  • [ ] System services
  • [ ] Module / kernel extensions loads
  • [ ] Scripts Loading (Windows)
  • [ ] Fileless Script loads (Windows)
  • [ ] Cross Process events (?)

Packaging & OS integration

  • [ ] Linux systemd integration
  • [x] macOS notarized installer package (#15)
  • [ ] ~~macOS launchd integration~~
  • [x] Windows installer (#40)
  • [x] Windows service

Integrations

  • [ ] Export query results as JSON for consumption by external systems

rsmmr, Apr 22 '22 10:04