VAST is a tool for the network telemetry engine for data-driven security investigations.
Key Features
Get VAST
Linux users can download our latest static binary release via browser or cURL.
curl -L -O https://storage.googleapis.com/tenzir-public-data/vast-static-builds/vast-static-latest.tar.gz
Unpack the archive. It contains three folders bin
, etc
, and share
. To get started invoke the binary in the bin
directory directly.
tar xfz vast-static-latest.tar.gz
bin/vast –help
To install VAST properly for your local user simly place the unpacked folders in /usr/local/
.
FreeBSD and macOS users have to build from source. Clone the master
branch to get the most recent version of VAST.
git clone –recursive https://github.com/tenzir/vast
Once you have all dependencies in place, build VAST with the following commands:
cmake -B build
cmake –build build
ctest –test-dir build
cmake –build build –target integration
cmake –install build [–prefix /path/to/prefix]
For custom compilation options, you can either pass -DCMAKE_OPTION=foo
to the cmake invocation, or use ccmake
in the build directory.
The installation guide contains more detailed and platform-specific instructions on how to build and install VAST.
Getting Started
Here are some commands to get a first glimpse of what VAST can do for you.
Start a VAST node:
vast start
Ingest Zeek logs of various kinds:
zcat *.log.gz | vast import zeek
Run a query over the last hour, rendered as JSON
vast export json ‘:timestamp > 1 hour ago && (6.6.6.6 || 5353/udp)’
Ingest a PCAP trace with a 1024-byte flow cutoff:
vast import pcap -c 1024 < trace.pcap
Run a query over PCAP data, sort the packets by time, and feed them into tcpdump
:
vast export pcap “sport > 60000/tcp && src !in 10.0.0.0/8” \
| ipsumdump –collate -w – \
| tcpdump -r – -nl
Pystinger is a Python-based tool that enables SOCKS4 proxying and port mapping through webshells. It…
Introduction When it comes to cybersecurity, speed and privacy are critical. Public vulnerability databases like…
Introduction When it comes to cybersecurity, speed and privacy are critical. Public vulnerability databases like…
If you are working with Linux or writing bash scripts, one of the most common…
What is a bash case statement? A bash case statement is a way to control…
Why Do We Check Files in Bash? When writing a Bash script, you often work…