Logger bump to Ubuntu 18.04 & Migrate to Zeek

2019-12-20 15:48:13 -08:00
parent beecfbf2e2
commit 7e17727cbb
9 changed files with 96 additions and 87 deletions
--- a/Vagrant/resources/GPO/wef_configuration/manifest.xml
+++ b/Vagrant/resources/GPO/wef_configuration/manifest.xml
@@ -1 +1 @@
-<Backups xmlns="http://www.microsoft.com/GroupPolicy/GPOOperations/Manifest" xmlns:mfst="http://www.microsoft.com/GroupPolicy/GPOOperations/Manifest" mfst:version="1.0"><BackupInst xmlns="http://www.microsoft.com/GroupPolicy/GPOOperations/Manifest"><GPOGuid><![CDATA[{68C5FF8C-1305-4ECC-B30B-1E2F2A5D3DE2}]]></GPOGuid><GPODomain><![CDATA[windomain.local]]></GPODomain><GPODomainGuid><![CDATA[{ab078dc9-15f8-49aa-98fe-a0e0b46dcb74}]]></GPODomainGuid><GPODomainController><![CDATA[dc]]></GPODomainController><BackupTime><![CDATA[2017-07-22T06:56:17]]></BackupTime><ID><![CDATA[{AE232F63-0190-47EE-BAF9-B78754178376}]]></ID><Comment><![CDATA[]]></Comment><GPODisplayName><![CDATA[Custom Event Channel Permissions]]></GPODisplayName></BackupInst><BackupInst xmlns="http://www.microsoft.com/GroupPolicy/GPOOperations/Manifest"><GPOGuid><![CDATA[{4B3113E3-C8EF-4CED-813C-F0D888C55C61}]]></GPOGuid><GPODomain><![CDATA[windomain.local]]></GPODomain><GPODomainGuid><![CDATA[{ab078dc9-15f8-49aa-98fe-a0e0b46dcb74}]]></GPODomainGuid><GPODomainController><![CDATA[dc]]></GPODomainController><BackupTime><![CDATA[2017-07-22T06:46:11]]></BackupTime><ID><![CDATA[{F523FD69-7E4C-4315-93D0-557089F1B8A1}]]></ID><Comment><![CDATA[]]></Comment><GPODisplayName><![CDATA[Windows Event Forwarding Server]]></GPODisplayName></BackupInst></Backups>
+<Backups xmlns="http://www.microsoft.com/GroupPolicy/GPOOperations/Manifest" xmlns:mfst="http://www.microsoft.com/GroupPolicy/GPOOperations/Manifest" mfst:version="1.0"><BackupInst xmlns="http://www.microsoft.com/GroupPolicy/GPOOperations/Manifest"><GPOGuid><![CDATA[{3869352D-95F3-4FB0-BCDA-40191D897625}]]></GPOGuid><GPODomain><![CDATA[windomain.local]]></GPODomain><GPODomainGuid><![CDATA[{fb2bbf1f-a40e-4090-bf1f-b9abdc11d3a5}]]></GPODomainGuid><GPODomainController><![CDATA[dc.windomain.local]]></GPODomainController><BackupTime><![CDATA[2019-12-04T05:59:36]]></BackupTime><ID><![CDATA[{1C916D7C-52F4-4EB4-8EA7-081349532B3C}]]></ID><Comment><![CDATA[]]></Comment><GPODisplayName><![CDATA[Custom Event Channel Permissions]]></GPODisplayName></BackupInst><BackupInst xmlns="http://www.microsoft.com/GroupPolicy/GPOOperations/Manifest"><GPOGuid><![CDATA[{4B3113E3-C8EF-4CED-813C-F0D888C55C61}]]></GPOGuid><GPODomain><![CDATA[windomain.local]]></GPODomain><GPODomainGuid><![CDATA[{ab078dc9-15f8-49aa-98fe-a0e0b46dcb74}]]></GPODomainGuid><GPODomainController><![CDATA[dc]]></GPODomainController><BackupTime><![CDATA[2017-07-22T06:46:11]]></BackupTime><ID><![CDATA[{F523FD69-7E4C-4315-93D0-557089F1B8A1}]]></ID><Comment><![CDATA[]]></Comment><GPODisplayName><![CDATA[Windows Event Forwarding Server]]></GPODisplayName></BackupInst></Backups>
--- a/Vagrant/resources/bro/bro.service
+++ b/Vagrant/resources/bro/bro.service
@@ -1,17 +0,0 @@
-[Unit]
-Description=Bro
-After=network.target
-
-[Service]
-ExecStartPre=-/opt/bro/bin/broctl cleanup
-ExecStartPre=/opt/bro/bin/broctl check
-ExecStartPre=/opt/bro/bin/broctl install
-ExecStart=/opt/bro/bin/broctl start
-ExecStop=/opt/bro/bin/broctl stop
-RestartSec=10s
-Type=oneshot
-RemainAfterExit=yes
-TimeoutStopSec=600
-
-[Install]
-WantedBy=multi-user.target
--- a/Vagrant/resources/splunk_server/splunk-add-on-for-zeek-aka-bro_400.tgz
+++ b/Vagrant/resources/splunk_server/splunk-add-on-for-zeek-aka-bro_400.tgz
--- a/Vagrant/resources/zeek/zeek.service
+++ b/Vagrant/resources/zeek/zeek.service
@@ -0,0 +1,17 @@
+[Unit]
+Description=Zeek
+After=network.target
+
+[Service]
+ExecStartPre=-/opt/zeek/bin/zeekctl cleanup
+ExecStartPre=/opt/zeek/bin/zeekctl check
+ExecStartPre=/opt/zeek/bin/zeekctl install
+ExecStart=/opt/zeek/bin/zeekctl start
+ExecStop=/opt/zeek/bin/zeekctl stop
+RestartSec=10s
+Type=oneshot
+RemainAfterExit=yes
+TimeoutStopSec=600
+
+[Install]
+WantedBy=multi-user.target