Metadata-Version: 2.4
Name: zeek-reports
Version: 0.1.0
Summary: Zeek notice reporting with CSV/JSON output and anomaly detection.
Author-email: ESS Security <security@esss.lu.se>
Requires-Python: >=3.6
Description-Content-Type: text/markdown
Provides-Extra: dev
Requires-Dist: pytest; extra == "dev"

# zeek-reports

zeek-reports is a Python script that generates Zeek notice reports in text, CSV, and JSON formats. It is designed to improve reporting for security posture assessments, highlight targeted Notice events, and surface anomalous or unauthorized activity for investigation.

## Install

```bash
git clone git@gitlab.esss.lu.se:cert-ess/zeek-reports.git
cd zeek-reports
pip3 install . # doing this in a virtual environment is better
```

## Usage

```sh
usage:
	zeek_notice_report.py --period {daily,weekly,monthly} [--log-root LOG_ROOT]
	                      [--networks NETWORKS] [--include-today]
	                      [--no-baseline] [--output OUTPUT]
	                      [--output-dir OUTPUT_DIR]

optional arguments:
  -h, --help            show this help message and exit
  --period              Report period based on local system time.
  --log-root            Root Zeek log directory (default: /opt/zeek/logs).
  --networks            Path to networks.cfg for internal IP ranges.
  --include-today       Include the current day in the report window.
  --no-baseline         Skip baseline comparisons (faster, fewer anomalies).
  --output              Write report to a file instead of stdout.
  --output-dir          Directory to write JSON/CSV reports.

For example:

       zeek_notice_report.py --period daily --output /home/csi/reports/zeek/zeek_notice_daily.txt
```
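The README describes three things the report does: read Zeek `notice.log` records, tell internal from external hosts using `networks.cfg`, and compare per-notice counts against a baseline before writing CSV/JSON. The block below is an added illustration of that pipeline, not code from zeek-reports itself. It assumes the standard Zeek TSV layout (a `#fields` header naming the columns, `-` for unset fields) and the usual `networks.cfg` layout (`<CIDR><tab><description>`); the log excerpt, the internal ranges, the baseline numbers and all function names are constructed for the example, and the anomaly rule (unseen note type, or more than 2x the baseline) is a stand-in for whatever the real script does. It runs on Python 3.6+ with the standard library only.

```python
# Toy notice-report pipeline (added example, not the project's code).
import csv
import io
import ipaddress
import json
from collections import Counter

# Constructed notice.log excerpt (standard Zeek TSV; real logs carry more columns).
SAMPLE_NOTICE_LOG = (
    "#separator \\x09\n"
    "#path\tnotice\n"
    "#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tnote\tmsg\tsrc\tdst\n"
    "#types\ttime\tstring\taddr\tport\taddr\tport\tenum\tstring\taddr\taddr\n"
    "1710000000.1\tCa1\t192.0.2.10\t51000\t10.0.0.5\t22\tSSH::Password_Guessing"
    "\t192.0.2.10 appears to be guessing SSH passwords\t192.0.2.10\t10.0.0.5\n"
    "1710000300.2\tCa2\t198.51.100.7\t40222\t10.0.0.5\t22\tSSH::Password_Guessing"
    "\t198.51.100.7 appears to be guessing SSH passwords\t198.51.100.7\t10.0.0.5\n"
    "1710000600.3\tCa3\t10.0.0.23\t43000\t203.0.113.9\t445\tScan::Port_Scan"
    "\t10.0.0.23 scanned at least 15 unique ports\t10.0.0.23\t-\n"
    "1710000900.4\tCa4\t10.0.0.5\t33000\t10.0.0.9\t80\tWeird::Activity"
    "\tbad_HTTP_request\t10.0.0.5\t10.0.0.9\n"
)
# Constructed networks.cfg-style content: "<CIDR><tab><description>" per line.
SAMPLE_NETWORKS_CFG = "# internal ranges\n10.0.0.0/8\tPrivate IP space\n192.168.0.0/16\tPrivate IP space\n"
# Constructed baseline: hypothetical expected notices per period, per note type.
SAMPLE_BASELINE = {"SSH::Password_Guessing": 0.5, "Weird::Activity": 3.0}


def parse_notice_log(text):
    """One dict per data row, keyed by the names in the #fields header."""
    fields, records = None, []
    for line in text.splitlines():
        if not line:
            continue
        if line.startswith("#"):
            if line.startswith("#fields\t"):
                fields = line.split("\t")[1:]
            continue  # #separator, #types, #close ... carry no data
        if fields is None:
            raise ValueError("data row before #fields header")
        values = line.split("\t")
        if len(values) != len(fields):
            raise ValueError("column count mismatch in: %r" % line)
        records.append(dict(zip(fields, values)))
    return records


def load_networks(text):
    """networks.cfg-style lines: first token of each non-comment line is a CIDR."""
    return [ipaddress.ip_network(line.split()[0], strict=False)
            for line in map(str.strip, text.splitlines()) if line and not line.startswith("#")]


def is_internal(addr, nets):
    """Zeek writes '-' for unset fields; those are never internal."""
    return addr not in ("-", "", "(empty)") and any(ipaddress.ip_address(addr) in n for n in nets)


def direction(src_internal, dst_internal):
    if src_internal:
        return "internal" if dst_internal else "outbound"
    return "inbound" if dst_internal else "external"


def summarize(records, nets):
    by_note = Counter(r["note"] for r in records)
    by_dir = Counter(direction(is_internal(r["src"], nets), is_internal(r["dst"], nets))
                     for r in records)
    return {"total": len(records), "by_note": dict(by_note), "by_direction": dict(by_dir)}


def find_anomalies(by_note, baseline, factor=2.0):
    """Flag note types absent from the baseline or above factor x their baseline count."""
    anomalies = []
    for note, count in sorted(by_note.items()):
        expected = baseline.get(note)
        if expected is None:
            anomalies.append({"note": note, "count": count, "reason": "not seen in baseline"})
        elif count > factor * expected:
            anomalies.append({"note": note, "count": count,
                              "reason": "exceeds %.1fx baseline of %.1f" % (factor, expected)})
    return anomalies


def run_report(log_text, networks_text, baseline):
    """Return the summary plus CSV and JSON renderings for one report period."""
    records = parse_notice_log(log_text)
    summary = summarize(records, load_networks(networks_text))
    anomalies = find_anomalies(summary["by_note"], baseline)
    buf = io.StringIO()
    writer = csv.DictWriter(buf, fieldnames=["ts", "note", "src", "dst", "msg"], extrasaction="ignore")
    writer.writeheader()
    writer.writerows(records)  # extra Zeek columns are dropped by extrasaction="ignore"
    return {"summary": summary, "anomalies": anomalies, "csv": buf.getvalue(),
            "json": json.dumps({"summary": summary, "anomalies": anomalies}, indent=2, sort_keys=True)}


if __name__ == "__main__":
    print(run_report(SAMPLE_NOTICE_LOG, SAMPLE_NETWORKS_CFG, SAMPLE_BASELINE)["json"])
```

On the sample data the two SSH guessing notices are tagged inbound, the port scan outbound (its `dst` is unset, so only the internal `src` decides), and the `Weird::Activity` internal. The guessing count (2) exceeds twice its baseline (0.5) and `Scan::Port_Scan` has no baseline at all, so both are reported as anomalies; `Weird::Activity` stays within its baseline and is not. Running with `--no-baseline` in the real tool corresponds to skipping `find_anomalies` here, which is why that flag yields fewer anomalies.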
## Uninstall

```sh
pip3 uninstall zeek-reports
Found existing installation: zeek-reports 0.1.0
Uninstalling zeek-reports-0.1.0:
  Would remove:
    /usr/local/bin/zeek-notice-report
    /usr/local/lib/python3.8/site-packages/zeek_reports-0.1.0.dist-info
Proceed (y/n)? y
  Successfully uninstalled zeek-reports-0.1.0
```
[![Quality Gate Status](https://sonarqube.esss.lu.se/api/project_badges/measure?project=zeek-reports&metric=alert_status)](https://sonarqube.esss.lu.se/dashboard?id=zeek-reports)
