Observe and log network security-related events
Source
Zeek (formerly Bro) is an open-source network security monitoring tool. Zeek creates compact, high-fidelity transaction logs, extracted file content, and output suitable for security information and event management (SIEM) systems.
This integration is facilitated through the Cribl Stream Splunk TCP or HEC Source.
Configure Zeek to send logs to Splunk (you can use the Splunk Add-on for Zeek, also known as the Splunk Add-on for Bro).
Configure Stream to listen for Splunk data via Sources > Splunk TCP or Sources > Splunk HEC.
On the Splunk side, configure the forwarder (Universal Forwarder or Heavy Forwarder) to send to Stream instead of, or in addition to, your indexers.
On the Stream side, specify the binding address, listening port, HEC endpoint (and HEC token, for the HEC Source), event breakers, and optional parameters. If the forwarder and Stream sit on different networks, enable TLS on the listener so Zeek's connection and DNS records do not cross the wire in cleartext.
Stream will start receiving data as the forwarder sends it.
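Zeek's ASCII writer emits tab-separated logs with a header block (`#separator`, `#fields`, `#types`, `#path`, and so on) that an event breaker has to skip and that carries the typing information needed to turn each row into a structured event. The following added example (not code from Cribl, Zeek, or the Splunk add-on) parses that format and shapes the rows as Splunk HEC events of the kind the HEC Source above accepts. The header directive names and type names follow Zeek's default ASCII writer; the `zeek:<path>` sourcetype naming and the sample conn.log lines are constructed here, so match the sourcetype to whatever your add-on expects.

```python
"""Parse Zeek ASCII (TSV) logs into Splunk HEC events.  Added example; the
directive and type names follow Zeek's default ASCII writer, while the
"zeek:<path>" sourcetype and the sample log below are constructed."""
import json

# Zeek scalar type names mapped to Python conversions (representative subset;
# unknown types such as addr, string and enum are kept as strings).
_SCALAR = {
    "time": float, "interval": float, "double": float,
    "count": int, "int": int, "port": int,
    "bool": lambda v: v == "T",
}


def _convert(value, ztype, unset, empty, set_sep):
    """Convert one column using Zeek's unset/empty markers and set/vector syntax."""
    if value == unset:
        return None
    container = ztype.startswith(("set[", "vector["))
    if value == empty:
        return [] if container else ""
    if container:
        inner = ztype[ztype.index("[") + 1:-1]
        return [_convert(v, inner, unset, empty, set_sep) for v in value.split(set_sep)]
    conv = _SCALAR.get(ztype)
    return conv(value) if conv else value


def parse_zeek_log(text):
    """Yield (path, record) for each data row of one Zeek ASCII log."""
    sep, set_sep, unset, empty = "\t", ",", "-", "(empty)"
    path, fields, types = None, [], []
    for line in text.splitlines():
        if not line:
            continue
        if line.startswith("#"):
            # '#separator' is the only directive not delimited by the separator itself.
            if line.startswith("#separator "):
                sep = line[len("#separator "):].encode().decode("unicode_escape")
                continue
            key, _, val = line[1:].partition(sep)
            if key == "set_separator":
                set_sep = val
            elif key == "empty_field":
                empty = val
            elif key == "unset_field":
                unset = val
            elif key == "path":
                path = val
            elif key == "fields":
                fields = val.split(sep)
            elif key == "types":
                types = val.split(sep)
            continue  # '#open', '#close' and the rest carry no event data
        cols = line.split(sep)
        if len(cols) != len(fields):
            continue  # skip a truncated row, e.g. a file rotated mid-write
        record = {f: _convert(c, t, unset, empty, set_sep)
                  for f, c, t in zip(fields, cols, types)}
        yield path, record


def to_hec_events(text):
    """Shape parsed rows as HEC events: Zeek's ts becomes the HEC event time."""
    return [{"time": rec.get("ts"), "sourcetype": f"zeek:{path}",
             "source": f"{path}.log", "event": rec}
            for path, rec in parse_zeek_log(text)]


def hec_payload(text):
    """HEC accepts newline-separated JSON objects (not an array) in one POST body."""
    return "\n".join(json.dumps(e) for e in to_hec_events(text))


# Constructed conn.log excerpt: one TLS flow and one DNS flow with unset fields.
SAMPLE_CONN_LOG = "\n".join([
    "#separator \\x09",
    "#set_separator\t,",
    "#empty_field\t(empty)",
    "#unset_field\t-",
    "#path\tconn",
    "#open\t2024-01-01-00-00-00",
    "#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto\tservice"
    "\tduration\torig_bytes\tresp_bytes\tconn_state\thistory\ttunnel_parents",
    "#types\ttime\tstring\taddr\tport\taddr\tport\tenum\tstring"
    "\tinterval\tcount\tcount\tstring\tstring\tset[string]",
    "1704067200.123456\tCAbcd1234\t10.0.0.5\t51234\t93.184.216.34\t443\ttcp\tssl"
    "\t1.5\t512\t4096\tSF\tShADadFf\t(empty)",
    "1704067201.000000\tCEfgh5678\t10.0.0.7\t53211\t10.0.0.1\t53\tudp\tdns"
    "\t-\t-\t-\tS0\tD\t-",
    "#close\t2024-01-01-00-05-00",
])

if __name__ == "__main__":
    print(hec_payload(SAMPLE_CONN_LOG))
```

Two details matter for downstream detection content: Zeek's `-` (unset) and `(empty)` markers are distinguished, so an absent `duration` arrives as `null` rather than the string `"-"`, and the `#close` line is dropped rather than becoming a bogus event, which is exactly the behaviour you want an event breaker on the Stream side to reproduce.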
Monitor Zoom activity data and usage statistics
Source
Zoom can be configured to send account activity logs via webhooks. On the LogStream side, we can receive those calls via our native HTTPS source. As with any other critical technology, especially when interconnecting infrastructure, it’s important that administrators get real-time visibility and insights into how Zoom is being used. By bringing in your Zoom activity data and usage statistics, you can get a lot of insight into user behavior, and leverage this insight to increase efficiency in many technical and business processes.
This integration is facilitated through the Cribl Stream HTTP/S Source.
Find the HTTPS integration in Stream through Data > Sources and select HTTPS. Assign this Source a name and provide a port number (e.g., 7003). Make sure that this port is reachable externally, or at a minimum from Zoom's IP addresses; since the listener is exposed to the internet, restrict it at the firewall to Zoom's published address ranges where you can.
Next, enable TLS, and provide your key and certs as necessary. If you don't have a cert/key, you can create and use a self-signed one for testing, but confirm Zoom's current certificate requirements for webhook endpoints before relying on one, since a sender that validates the chain will refuse a certificate it cannot verify.
Set up Zoom to send data to Stream by creating an App on marketplace.zoom.us, adding an Event Subscription for the events you want, and pointing its notification endpoint URL at the Stream HTTPS Source.
Stream will receive data via the native HTTPS source.
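Because the HTTPS Source is a public endpoint, anyone who learns its URL can post forged "Zoom" events into your pipeline; Zoom therefore signs every delivery and first challenges the endpoint when the subscription is saved. The following added example (not Cribl's or Zoom's code) shows both sides of that exchange as you would implement them in front of, or as a pre-processing step for, the Source: the signature check follows Zoom's documented scheme (`x-zm-signature` is `v0=` plus the hex HMAC-SHA256, keyed with the app's secret token, of `v0:<x-zm-request-timestamp>:<raw body>`), and the `endpoint.url_validation` challenge is answered with the HMAC-SHA256 of `plainToken`. The secret token, timestamps and request bodies are constructed; the replay window of 300 seconds is our own choice.

```python
"""Verify Zoom webhook deliveries and answer the URL-validation challenge.
Added example.  The HMAC scheme and header/field names follow Zoom's webhook
documentation; the secret, timestamps and bodies are constructed."""
import hashlib
import hmac
import json
import time


def zoom_signature(secret, timestamp, raw_body):
    """Compute Zoom's x-zm-signature value for a delivery."""
    msg = f"v0:{timestamp}:{raw_body}".encode()
    return "v0=" + hmac.new(secret.encode(), msg, hashlib.sha256).hexdigest()


def verify_zoom_webhook(secret, headers, raw_body, now=None, max_skew=300):
    """Return True only for a delivery with a valid, fresh Zoom signature.

    raw_body must be the exact body bytes as received (decoded as text);
    re-serialising JSON would change whitespace and break the HMAC.
    max_skew (300 s, our assumption) bounds replays of a captured request.
    """
    ts = headers.get("x-zm-request-timestamp", "")
    sig = headers.get("x-zm-signature", "")
    if not ts.isdigit():
        return False
    now = time.time() if now is None else now
    if abs(now - int(ts)) > max_skew:
        return False
    # Constant-time comparison so a forger cannot learn the digest byte by byte.
    return hmac.compare_digest(sig, zoom_signature(secret, ts, raw_body))


def url_validation_response(secret, raw_body):
    """Handle Zoom's endpoint.url_validation event.

    Returns the JSON object to reply with (HTTP 200), or None if the body is
    an ordinary event that should flow on into the pipeline instead.
    """
    body = json.loads(raw_body)
    if body.get("event") != "endpoint.url_validation":
        return None
    plain = body["payload"]["plainToken"]
    enc = hmac.new(secret.encode(), plain.encode(), hashlib.sha256).hexdigest()
    return {"plainToken": plain, "encryptedToken": enc}


# Constructed values: a hypothetical secret token, a fixed clock and two bodies.
SECRET = "hypothetical-zoom-secret-token"
NOW = 1700000010
TS = "1700000000"
MEETING_BODY = '{"event":"meeting.started","payload":{"object":{"id":"123"}}}'
VALIDATION_BODY = '{"event":"endpoint.url_validation","payload":{"plainToken":"qgg8vlvZRS6UYooatFL8Aw"}}'


def demo():
    """Exercise a genuine, a tampered and a replayed delivery."""
    good = {"x-zm-request-timestamp": TS,
            "x-zm-signature": zoom_signature(SECRET, TS, MEETING_BODY)}
    results = {
        "genuine": verify_zoom_webhook(SECRET, good, MEETING_BODY, now=NOW),
        "tampered": verify_zoom_webhook(SECRET, good, MEETING_BODY.replace("123", "999"), now=NOW),
        "replayed": verify_zoom_webhook(SECRET, good, MEETING_BODY, now=NOW + 3600),
        "challenge": url_validation_response(SECRET, VALIDATION_BODY),
    }
    return results


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

If you terminate TLS on Stream itself and let the HTTPS Source accept the raw POST, the same logic can be expressed as a Stream Function on the Source's pre-processing pipeline, with the secret token stored as a secret rather than in the pipeline definition; whichever side performs the check, drop unsigned or stale events before they reach a Route.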