Replace external zeek-community-id with builtin community-id. Disable plugin-tds + plugin-profinet. Not updated for Zeek 6.x

Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
2025-12-07 17:52:46 +01:00 · 2023-10-16 15:18:26 -04:00
parent 2f0e673ec3
commit e5c936e8cf
1 changed files with 6 additions and 5 deletions
--- a/salt/zeek/defaults.yaml
+++ b/salt/zeek/defaults.yaml
@@ -49,12 +49,13 @@ zeek:
        - frameworks/files/hash-all-files
        - frameworks/files/detect-MHR
        - policy/frameworks/notice/extend-email/hostnames
+        - policy/frameworks/notice/community-id
+        - policy/protocols/conn/community-id-logging
        - ja3
        - hassh
        - intel
        - cve-2020-0601
        - securityonion/bpfconf
-        - securityonion/communityid
        - securityonion/file-extraction
        - oui-logging
        - icsnpp-modbus
@@ -65,8 +66,8 @@ zeek:
        - icsnpp-opcua-binary
        - icsnpp-bsap
        - icsnpp-s7comm
-        - zeek-plugin-tds
-        - zeek-plugin-profinet
+        # - zeek-plugin-tds
+        # - zeek-plugin-profinet
        - zeek-spicy-wireguard
        - zeek-spicy-stun
      load-sigs: