VAST is a tool for the network telemetry engine for data-driven security investigations.
Key Features
Get VAST
Linux users can download our latest static binary release via browser or cURL.
curl -L -O https://storage.googleapis.com/tenzir-public-data/vast-static-builds/vast-static-latest.tar.gz
Unpack the archive. It contains three folders bin
, etc
, and share
. To get started invoke the binary in the bin
directory directly.
tar xfz vast-static-latest.tar.gz
bin/vast –help
To install VAST properly for your local user simly place the unpacked folders in /usr/local/
.
FreeBSD and macOS users have to build from source. Clone the master
branch to get the most recent version of VAST.
git clone –recursive https://github.com/tenzir/vast
Once you have all dependencies in place, build VAST with the following commands:
cmake -B build
cmake –build build
ctest –test-dir build
cmake –build build –target integration
cmake –install build [–prefix /path/to/prefix]
For custom compilation options, you can either pass -DCMAKE_OPTION=foo
to the cmake invocation, or use ccmake
in the build directory.
The installation guide contains more detailed and platform-specific instructions on how to build and install VAST.
Getting Started
Here are some commands to get a first glimpse of what VAST can do for you.
Start a VAST node:
vast start
Ingest Zeek logs of various kinds:
zcat *.log.gz | vast import zeek
Run a query over the last hour, rendered as JSON
vast export json ‘:timestamp > 1 hour ago && (6.6.6.6 || 5353/udp)’
Ingest a PCAP trace with a 1024-byte flow cutoff:
vast import pcap -c 1024 < trace.pcap
Run a query over PCAP data, sort the packets by time, and feed them into tcpdump
:
vast export pcap “sport > 60000/tcp && src !in 10.0.0.0/8” \
| ipsumdump –collate -w – \
| tcpdump -r – -nl
The cp command, short for "copy," is the main Linux utility for duplicating files and directories. Whether…
Introduction In digital investigations, images often hold more information than meets the eye. With the…
The cat command short for concatenate, It is a fast and versatile tool for viewing and merging…
What is a Port? A port in networking acts like a gateway that directs data…
The ls command is fundamental for anyone working with Linux. It’s used to display the files and…
The pwd (Print Working Directory) command is essential for navigating the Linux filesystem. It instantly shows your…