Student: Hariom Chaturved (GitHub)
Organization: The Honeynet Project
Project: PcapMonkey Improvements
PcapMonkey is a Linux-based security tool that provides an easier way to analyze packet captures and Windows Event Logs. The latest release of PcapMonkey adds support for live analysis over a network interface. It is based on Elasticsearch and Kibana to index, process and analyze the logs generated by Suricata and Zeek (formerly Bro).
The project aimed to add multiple functionalities (such as live traffic analysis, implementation of a test architecture, and zkg support) and improve logging configurations. Over the span of 10 weeks, I worked on these, wrote the Wiki and upgraded the Zeek docker image to the latest release.
Following is the list of pull requests merged before the start of GSoC Coding Period.
Following are my contributions to PcapMonkey:
evtxtoelk
Following are my contributions to docker-zeek:
Following are my contributions to evtxtoelk:
evtxtoelk
exported fields to that of winlogbeat to unlock the Elasticsearch SIEM and other functionalities. The zkg integration into docker-zeek is done; however, its integration into PcapMonkey is still in progress and requires a little more work.
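The point of aligning evtxtoelk's exported fields with winlogbeat's is that the Elastic SIEM app and its detection rules only recognize events that use winlogbeat's field layout. The following is an added illustration of that kind of mapping, written for this report and not taken from evtxtoelk or winlogbeat: it takes an EVTX record as a Python dict (a constructed sample, in the shape an EVTX-to-JSON parser typically emits) and renames it into the winlogbeat-style `winlog.*`, `event.*` and `host.*` fields. The exact winlogbeat field names and types are assumed from memory of its ECS mapping and should be checked against the winlogbeat version actually deployed.

```python
"""Map a parsed EVTX record to winlogbeat-style (ECS) field names.

Added example, not evtxtoelk's own code. Field names below are an
assumption based on winlogbeat's ECS layout; verify them against the
winlogbeat version in use before relying on them for SIEM rules.
"""
import json

# Constructed sample: what an EVTX-to-dict parser usually yields for a
# Windows Security event (System and EventData sections of the XML).
SAMPLE_EVTX_RECORD = {
    "System": {
        "Provider": {"Name": "Microsoft-Windows-Security-Auditing"},
        "EventID": 4624,
        "Channel": "Security",
        "Computer": "WS01.example.local",
        "EventRecordID": 123456,
        "TimeCreated": {"SystemTime": "2020-08-20T10:15:30.123456Z"},
    },
    "EventData": {
        "TargetUserName": "alice",
        "LogonType": "10",
        "IpAddress": "10.0.0.5",
    },
}


def to_winlogbeat(record: dict) -> dict:
    """Return a winlogbeat-shaped document for one EVTX record.

    Raises KeyError if the mandatory System fields are absent, so a
    malformed record is rejected instead of being indexed half-mapped.
    """
    system = record["System"]
    event_id = int(system["EventID"])
    provider = system["Provider"]["Name"]
    doc = {
        # ECS timestamp field; winlogbeat fills it from TimeCreated.
        "@timestamp": system["TimeCreated"]["SystemTime"],
        "event": {
            # event.code is a keyword in ECS, so it is stored as a string.
            "code": str(event_id),
            "provider": provider,
            "kind": "event",
        },
        "host": {"name": system["Computer"]},
        "winlog": {
            "event_id": str(event_id),
            "channel": system["Channel"],
            "provider_name": provider,
            "computer_name": system["Computer"],
            "record_id": int(system["EventRecordID"]),
            # Per-event fields live under winlog.event_data, untouched.
            "event_data": dict(record.get("EventData") or {}),
        },
    }
    return doc


def missing_siem_fields(doc: dict) -> list:
    """List the dotted field names a SIEM-ready document must carry.

    Useful as a pre-index check: an empty list means the document has
    every field this example treats as required.
    """
    required = ["@timestamp", "event.code", "winlog.channel",
                "winlog.event_id", "host.name"]
    missing = []
    for path in required:
        node = doc
        for part in path.split("."):
            if not isinstance(node, dict) or part not in node:
                missing.append(path)
                break
            node = node[part]
    return missing


if __name__ == "__main__":
    mapped = to_winlogbeat(SAMPLE_EVTX_RECORD)
    print(json.dumps(mapped, indent=2))
    print("missing:", missing_siem_fields(mapped))
```

Run it to see the constructed logon event rewritten into the nested `winlog`/`event`/`host` layout; `missing_siem_fields` is the check to run before bulk-indexing so that documents lacking a required field are caught rather than silently ignored by SIEM rules.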
My learning experience over the last two months has been very fruitful and extremely beneficial.
The Honeynet Project mentors were amazing. I received excellent mentorship from them whenever I needed it.
I appreciate the GSoC program for providing a good way to get involved in the community and to get started with Open Source Development.