Teleseer processes network collection files containing 802.3 or 802.11 headers. These files can be one-off collections or can exist within a compressed archive.

In addition to network collection files, Teleseer processes bro/zeek logs.

Network collection files

The following network collection file types are supported:

Bro/Zeek

‍Cooked PCAPs - "cooked" network collection files are not currently supported

The following bro/zeek log files can be imported into Teleseer:

‍

It is recommended to use a supported compressed archive file such that all .log files can be ingested at once.Assets created from log files without layer 2 content will appear within the External Hosts tab.

To create logs with layer 2 content, use the following zeek flag: policy/protocols/conn/mac-logging‍

# Example

$ zeek -C -r maccdc_demo.pcap policy/protocols/conn/mac-logging

‍‍For more information on additional support and policies for zeek, see the Zeek Script Index

‍Supported formats
Teleseer currently provides support for the TSV format.
JSON format is not currently supported.

Compressed archives

The following compressed archives are supported:

Compressed archives should contain one or more of the above-supported file types.

Firewall/Router Configurations

The following router configurations are supported: