WIP-Draft: Feature/zeek integration by maldwg · Pull Request #10 · ASTRAOS-de/hamstring

maldwg · 2025-10-17T12:58:56Z

Zeek integration as CIDS sensors for HTTP and DNS traffic

TODO: missing still new tests and replacement tests

…e/zeek-integration

…ox structure

…r between internal and external kafka traffic

…e/zeek-integration

maldwg · 2025-11-06T15:56:08Z

Finally fixed the integration. @stefanDeveloper @lamr02n you can now try to run that locally and see if it works on your devices as well and give general feedback of course.

HOST_IP=127.0.0.1 docker compose -f docker/docker-compose.yml --profile dev up

stefanDeveloper

Detector _get_features has to be fixed

stefanDeveloper · 2025-11-07T13:01:23Z

+        y_pred = self.model.predict_proba(self._get_features(message["domain_name"]))
+        return y_pred
+
+    def _get_features(self, query: str):


Old feature calculation.

stefanDeveloper

Nice, looks good!

maldwg added 30 commits June 27, 2025 13:34

Commit first draft

46973ea

Finish first draft for integrating zeek

c685af1

made kafka work with external addresses also

3c9d5d4

complete and fix tests

3a047b1

fix zeek handler for multiple kafka topics

f37b9ec

add configuration for dns payload size

a5b26e6

adapt logserver to work with multiple topics

0f83370

Adapt logcollector and batch handler to work with new topic design

ea0acef

Fix some remaining timestamp key issues

8070f02

begin work on prefilter

cff6d16

fixed collector again

3f3bf73

added prefilter for new layout with some technical debt

7a7abc8

add first draft until detector

7282b65

finish all modules first drafts

250323d

Add kafka topic exporter

9ac2678

finish first draft for zeek!

ee4164a

first draft for batch-tree

92a514e

fix dashboard for latencies

f652435

update dashboard and fix loglines count again

f368e85

finish monitoring metrics for latencies

977fc2b

format everything

75e8d30

fix kafka tests

5385eda

begin reworking the logserver teste

79e4a27

finish logserver tests

13e1ba7

fix log collector instance tests

513be82

adapt prefilter tests for now

c6cb54a

TODO: missing still new tests and replacement tests

fix loglinehandler and add relevance handler tests

40096c5

add prefilter tests

aa70188

finish correcting tests for now

a503d36

correct last logcollector test

8c69182

maldwg added 13 commits August 29, 2025 12:36

Finish documentation adpatations

1c38488

Finish tests for detector

d71a8eb

fix small zeek configs and detector cheksum

9aef480

Run code formatting

6555e81

update gitignore to allow updates to requirements files

1d79c02

Merge branch 'main' of github.com:Hamstring-NDR/hamstring into featur…

c21c198

…e/zeek-integration

Fix unit test errors and adapt detector modules to work with new heib…

dc622d6

…ox structure

Refactor timestamp fields to "ts"

740d505

Refactor timestamp fields to "ts"

6fffa48

Adapt configuration and environment to be able to differentiate bette…

a8b425c

…r between internal and external kafka traffic

Fix integration of zeek changes

77018f0

restructure docker compsoe files using profiles now

0545dc7

code formatting

5a647e9

maldwg changed the base branch from main to dev November 6, 2025 13:53

maldwg changed the base branch from dev to main November 6, 2025 13:53

maldwg changed the base branch from main to dev November 6, 2025 13:54

maldwg added 2 commits November 6, 2025 16:36

Merge branch 'main' of github.com:Hamstring-NDR/hamstring into featur…

cffbf56

…e/zeek-integration

Fix tests for prefilter again

73ce00e

maldwg requested review from lamr02n and stefanDeveloper November 6, 2025 16:01

stefanDeveloper requested changes Nov 7, 2025

View reviewed changes

Adapt detector and detectopr tests to be state of the art

937d42e

stefanDeveloper approved these changes Nov 7, 2025

View reviewed changes

stefanDeveloper assigned maldwg Nov 7, 2025

stefanDeveloper added the enhancement New feature or request label Nov 7, 2025

stefanDeveloper merged commit b6a866d into dev Nov 7, 2025

stefanDeveloper linked an issue Nov 7, 2025 that may be closed by this pull request

Zeek integration #8

Closed

stefanDeveloper mentioned this pull request Nov 7, 2025

Zeek integration #8

Closed

maldwg deleted the feature/zeek-integration branch March 23, 2026 13:36

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

WIP-Draft: Feature/zeek integration#10

WIP-Draft: Feature/zeek integration#10
stefanDeveloper merged 61 commits into
devfrom
feature/zeek-integration

maldwg commented Oct 17, 2025

Uh oh!

maldwg commented Nov 6, 2025

Uh oh!

stefanDeveloper left a comment

Uh oh!

stefanDeveloper Nov 7, 2025

Uh oh!

maldwg Nov 7, 2025

Uh oh!

stefanDeveloper left a comment

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

Conversation

maldwg commented Oct 17, 2025

Uh oh!

maldwg commented Nov 6, 2025

Uh oh!

stefanDeveloper left a comment

Choose a reason for hiding this comment

Uh oh!

stefanDeveloper Nov 7, 2025

Choose a reason for hiding this comment

Uh oh!

maldwg Nov 7, 2025

Choose a reason for hiding this comment

Uh oh!

stefanDeveloper left a comment

Choose a reason for hiding this comment

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants