This section covers a brief walk-through of how to get started with Threat Bus. First, install Threat Bus and all plugins you need. Use the default configuration file to get started or create a custom one.
Display the help text:
Pass a configuration file to Threat Bus via
Start Zeek as Threat Bus App
Apps need to register with the bus. Zeek is scriptable, and the functionality Zeek needs to subscribe to Threat Bus is implemented in this Zeek script. To connect Zeek with Threat Bus, download and load the Zeek script as follows.
Request an IoC Snapshot with Zeek
Threat Bus allows apps to request snapshots of intelligence items from the past. The Zeek script implements the request functionality. Invoke it like this.
Use the Docker Container
Threat Bus can be used in a containerized setup. The pre-built Docker image comes with all required dependencies and all existing plugins pre-installed.