hardenedlinux-zeek-scripts
hardenedlinux-zeek-scripts is a collection of Zeek (formerly Bro) IDS scripts and tooling for building and deploying Zeek using the Nix package manager. It supports installable Zeek packages through zkg, Nix flakes, and zeekctl deployment. Key scripts include VirusTotal hash checking via public API and PostgreSQL logging, known-hash detection for file analysis, and Kafka integration for forwarding Zeek logs to Logstash via crafted topics. The repository provides reproducible Nix builds, tested with Zeek 3.0.0-rc1, and supports cluster setups with manager, proxy, and worker nodes. It also includes quick-start instructions using bro-pkg and direct zeek-cli invocation against custom local.zeek scripts, making it suitable for threat detection, file-hash reputation lookups, and integrating Zeek into ELK-based security pipelines on hardened Linux environments.