[Zeek] Elastic Common Schema mapping

Brian Dye brian at corelight.com
Sat Oct 19 12:52:32 PDT 2019


Following up on my brief comments at ZeekWeek, happy to share that we've
developed a mapping of Zeek fields to the Elastic Common Schema. It is
posted at https://github.com/corelight/ecs-mapping - looking forward to
feedback and of course if there are any issues let us know (big thanks to
Richard, cc'd above, for his work as the first deployment!). We'll work to
update this as the ECS revs - there are several fields they don't have in
the schema yet. Happy mapping!


