Zeek-based Network Traffic Data Processing
In this part of the tutorial, we will transform network traffic capture into a graph and store it in the graph database Dgraph. To do this, we will use the Granef toolkit, which simplifies the whole data transformation process. We will then look at analyzing these graph data using the "Okay-boomer" exercise from https://www.malware-traffic-analysis.net/2019/11/12/index.html.
Please check the Requirements section with all essential information and ensure that you have everything prepared.
Initial steps
To facilitate all the data transformation steps, we use the Granef toolkit, which automates the transformation and handles communication with containers environment. You can check its arguments using the following command.
linux:$ granef -h
usage: granef [-h] [-c CONFIGURATION_FILE]
(-p | -n | -r {images,network,operations,all} | -o {extraction,transformation,indexing,handling,analysis} | -a)
[-t {run,stop,start,remove}] [-i INPUT_FILE_OR_DIRECTORY_PATH] [-s CASE_NAME]
[-l {debug,info,warning,error,critical}]
optional arguments:
-h, --help show this help message and exit
-c CONFIGURATION_FILE, --configuration CONFIGURATION_FILE
Configuration file
-p, --pull Pull all images
-n, --network Create network
-r {images,network,operations,all}, --remove {images,network,operations,all}
Remove specified objects
-o {extraction,transformation,indexing,handling,analysis}, --operation {extraction,transformation,indexing,handling,analysis}
Select operation
-a, --all Setup containers environment and perform all operations
-t {run,stop,start,remove}, --task {run,stop,start,remove}
Select operation task
-i INPUT_FILE_OR_DIRECTORY_PATH, --input INPUT_FILE_OR_DIRECTORY_PATH
Input file or directory path
-s CASE_NAME, --source CASE_NAME
Case name stored as a source to each node
-l {debug,info,warning,error,critical}, --log {debug,info,warning,error,critical}
Log level
The first thing you need to do is pull all the container images (requires approximately 1.9 GB disk space).
linux:$ granef -p
2023-06-20 12:40:45 granef [INFO]: Container image pull: extraction-zeek
2023-06-20 12:40:54 granef [INFO]: Container image pull: transformation-zeek-dgraph
2023-06-20 12:40:56 granef [INFO]: Container image pull: dgraph-handler
2023-06-20 12:41:03 granef [INFO]: Container image pull: analysis-api
2023-06-20 12:41:04 granef [INFO]: Container image pull: analysis-web
2023-06-20 12:41:16 granef [INFO]: All container images pulled successfully
Next, we need to create a virtual network. After that, the initial preparation is complete.
linux:$ granef -n
2023-06-20 12:42:36 granef [INFO]: Creating network: granef-network
2023-06-20 12:42:36 granef [INFO]: Network granef-network created successfully
Data extraction
The first step of the transformation is extracting information from the capture. This tutorial uses the Zeek Network Security Monitor to parse the packet capture and extract relevant information. Granef uses Zeek as a default option to extract the data.
In the Granef toolkit, the Zeek is part of the extraction module, which can be executed using the following command.
linux:$ granef -i tutorial-data/tutorial.pcap -o extraction -t run
2023-06-20 12:43:25 granef [INFO]: Starting extraction operation parts
2023-06-20 12:43:25 granef [INFO]: Running container 'granef-extraction' from image: registry.gitlab.ics.muni.cz:443/granef/extraction-zeek:latest
2023-06-20 12:43:32 granef [INFO]: All extraction operation parts has been started
The result of the extraction operation is individual Zeek logs placed in the same folder as the original capture.
linux:$ ls tutorial-data/
exercise.pcap granef-extraction
linux:$ ls tutorial-data/granef-extraction/zeek/
capture_loss.log dpd.log known_hosts.log ntlm.log pe.log software.log x509.log
conn.log files.log known_services.log ntp.log reporter.log ssl.log
dce_rpc.log http.log loaded_scripts.log ocsp.log smb_files.log stats.log
dns.log kerberos.log notice.log packet_filter.log smb_mapping.log weird.log
linux:$ head -n 2 tutorial-data/granef-extraction/zeek/conn.log
{"ts":"2019-11-11T22:20:03.578876Z","uid":"C2KIKuCsugXQc6G71","id.orig_h":"10.11.11.145","id.orig_p":35962,"id.resp_h":"8.8.8.8","id.resp_p":53,"proto":"udp","service":"dns","duration":0.01794600486755371,"orig_bytes":30,"resp_bytes":62,"conn_state":"SF","local_orig":true,"local_resp":false,"missed_bytes":0,"history":"Dd","orig_pkts":1,"orig_ip_bytes":58,"resp_pkts":1,"resp_ip_bytes":90}
{"ts":"2019-11-11T22:20:07.717444Z","uid":"Co5Sdd1YADYjYjB1jl","id.orig_h":"10.11.11.179","id.orig_p":65101,"id.resp_h":"10.11.11.11","id.resp_p":53,"proto":"udp","service":"dns","duration":0.981281042098999,"orig_bytes":64,"resp_bytes":367,"conn_state":"SF","local_orig":true,"local_resp":true,"missed_bytes":0,"history":"Dd","orig_pkts":2,"orig_ip_bytes":120,"resp_pkts":1,"resp_ip_bytes":395}
Data transformation
The second step is the transformation of Zeek logs into the format suitable for a graph database according to the defined schema. Granef toolkit uses the scalable graph database Dgraph, which allows us to store and subsequently query large amounts of data. This database uses RDF triplets as input, so the toolkit contains a custom script that transforms Zeek logs into this format.
The data is transformed according to the schema, which description can be found on the Granef toolkit website (don't forget to take a look at the interactive diagram): https://granef.csirt.muni.cz/#database.
Use the following command to transform the Zeek logs (please check the module documentation to see which log files are currently supported).
linux:$ granef -i tutorial-data/tutorial.pcap -o transformation -t run
2023-06-20 12:43:46 granef [INFO]: Starting transformation operation parts
2023-06-20 12:43:46 granef [WARNING]: Using input name from the configuration file: granef-extraction/
2023-06-20 12:43:46 granef [INFO]: Running container 'granef-transformation' from image: registry.gitlab.ics.muni.cz:443/granef/transformation-zeek-dgraph:latest
2023-06-20 12:43:48 granef-transformation [WARNING]: Schema for capture_loss.log is not defined
2023-06-20 12:43:48 granef-transformation [WARNING]: Schema for dce_rpc.log is not defined
2023-06-20 12:43:48 granef-transformation [WARNING]: Schema for dpd.log is not defined
2023-06-20 12:43:48 granef-transformation [WARNING]: Schema for known_hosts.log is not defined
2023-06-20 12:43:48 granef-transformation [WARNING]: Schema for known_services.log is not defined
2023-06-20 12:43:48 granef-transformation [WARNING]: Schema for loaded_scripts.log is not defined
2023-06-20 12:43:48 granef-transformation [WARNING]: Schema for ntlm.log is not defined
2023-06-20 12:43:48 granef-transformation [WARNING]: Schema for ocsp.log is not defined
2023-06-20 12:43:48 granef-transformation [WARNING]: Schema for packet_filter.log is not defined
2023-06-20 12:43:48 granef-transformation [WARNING]: Schema for pe.log is not defined
2023-06-20 12:43:48 granef-transformation [WARNING]: Schema for stats.log is not defined
2023-06-20 12:43:48 granef-transformation [WARNING]: Schema for telemetry.log is not defined
2023-06-20 12:43:48 granef-transformation [WARNING]: Schema for weird.log is not defined
2023-06-20 12:43:48 granef-transformation [WARNING]: Mutations for capture_loss.log are not defined
2023-06-20 12:43:48 granef-transformation [WARNING]: Mutations for dce_rpc.log are not defined
2023-06-20 12:43:48 granef-transformation [WARNING]: Mutations for dpd.log are not defined
2023-06-20 12:43:48 granef-transformation [WARNING]: Mutations for known_hosts.log are not defined
2023-06-20 12:43:48 granef-transformation [WARNING]: Mutations for known_services.log are not defined
2023-06-20 12:43:48 granef-transformation [WARNING]: Mutations for loaded_scripts.log are not defined
2023-06-20 12:43:48 granef-transformation [WARNING]: Mutations for ocsp.log are not defined
2023-06-20 12:43:48 granef-transformation [WARNING]: Mutations for ntlm.log are not defined
2023-06-20 12:43:48 granef-transformation [WARNING]: Mutations for pe.log are not defined
2023-06-20 12:43:48 granef-transformation [WARNING]: Mutations for packet_filter.log are not defined
2023-06-20 12:43:48 granef-transformation [WARNING]: Mutations for stats.log are not defined
2023-06-20 12:43:48 granef-transformation [WARNING]: Mutations for weird.log are not defined
2023-06-20 12:43:48 granef-transformation [WARNING]: Mutations for telemetry.log are not defined
2023-06-20 12:43:48 granef [INFO]: All transformation operation parts has been started
The transformation operation results are a schema file (which contains the description of the data model) and an RDF file with all the data.
linux:$ ls tutorial-data/
exercise.pcap granef-extraction granef-transformation
linux:$ ls tutorial-data/granef-transformation/zeek/
zeek-dgraph.rdf zeek-dgraph.schema
linux:$ head -n 2 tutorial-data/granef-transformation/zeek/zeek-dgraph.rdf
_:C2KIKuCsugXQc6G71 <source> "granef-case_id" .
_:C2KIKuCsugXQc6G71 <connection.uid> "C2KIKuCsugXQc6G71" .
linux:$ head -n 2 tutorial-data/granef-transformation/zeek/zeek-dgraph.schema
connection.conn_state: string @index(exact) .
connection.duration: float @index(float) .
Data indexing
The last step of data transformation is indexing by the graph database. The Granef toolkit uses the indexing operation for this purpose (it calls the Dgraph Bulk Loader). Use the following command to index the data.
linux:$ granef -i tutorial-data/tutorial.pcap -o indexing -t run
2023-06-20 12:44:12 granef [INFO]: Starting indexing operation parts
2023-06-20 12:44:12 granef [WARNING]: Using input name from the configuration file: granef-transformation/
2023-06-20 12:44:12 granef [INFO]: Running container 'granef-indexing' from image: registry.gitlab.ics.muni.cz:443/granef/dgraph-handler:latest
2023-06-20 12:44:22 granef [INFO]: All indexing operation parts has been started
The result is internal Dgraph database files containing all the data necessary for a database start.
linux:$ ls tutorial-data/
exercise.pcap granef-extraction granef-indexing granef-transformation
linux:$ ls tutorial-data/granef-indexing/0/p/
000001.sst 000014.sst 000028.sst 000042.sst 000056.sst 000070.sst 000084.sst 000098.sst 000112.sst 000126.sst
000001.vlog 000015.sst 000029.sst 000043.sst 000057.sst 000071.sst 000085.sst 000099.sst 000113.sst 000127.sst
000002.sst 000016.sst 000030.sst 000044.sst 000058.sst 000072.sst 000086.sst 000100.sst 000114.sst 000128.sst
000003.sst 000017.sst 000031.sst 000045.sst 000059.sst 000073.sst 000087.sst 000101.sst 000115.sst 000129.sst
000004.sst 000018.sst 000032.sst 000046.sst 000060.sst 000074.sst 000088.sst 000102.sst 000116.sst 000130.sst
000005.sst 000019.sst 000033.sst 000047.sst 000061.sst 000075.sst 000089.sst 000103.sst 000117.sst 000131.sst
000006.sst 000020.sst 000034.sst 000048.sst 000062.sst 000076.sst 000090.sst 000104.sst 000118.sst 000132.sst
000007.sst 000021.sst 000035.sst 000049.sst 000063.sst 000077.sst 000091.sst 000105.sst 000119.sst 000133.sst
000008.sst 000022.sst 000036.sst 000050.sst 000064.sst 000078.sst 000092.sst 000106.sst 000120.sst 000134.sst
000009.sst 000023.sst 000037.sst 000051.sst 000065.sst 000079.sst 000093.sst 000107.sst 000121.sst DISCARD
000010.sst 000024.sst 000038.sst 000052.sst 000066.sst 000080.sst 000094.sst 000108.sst 000122.sst KEYREGISTRY
000011.sst 000025.sst 000039.sst 000053.sst 000067.sst 000081.sst 000095.sst 000109.sst 000123.sst MANIFEST
000012.sst 000026.sst 000040.sst 000054.sst 000068.sst 000082.sst 000096.sst 000110.sst 000124.sst group_id
000013.sst 000027.sst 000041.sst 000055.sst 000069.sst 000083.sst 000097.sst 000111.sst 000125.sst
Data handling and analysis
Once the data is ready, the database and analysis environment can be launched. We can use the standard analysis environment provided by Dgraph. However, this is focused more on development and is not tailored to our use case. Thus, the Granef toolkit provides a graphical web interface where the network traffic data can be queried and interactively analyzed.
To start the graph database Dgraph, use the following command.
linux:$ granef -i tutorial-data/tutorial.pcap -o handling -t run
2023-06-20 12:44:42 granef [INFO]: Starting handling operation parts
2023-06-20 12:44:42 granef [WARNING]: Using input name from the configuration file: Null
2023-06-20 12:44:42 granef [INFO]: Running container 'granef-handling-zero' from image: registry.gitlab.ics.muni.cz:443/granef/dgraph-handler:latest
2023-06-20 12:44:43 granef [WARNING]: Using input name from the configuration file: granef-indexing/
2023-06-20 12:44:43 granef [INFO]: Running container 'granef-handling-alpha' from image: registry.gitlab.ics.muni.cz:443/granef/dgraph-handler:latest
2023-06-20 12:44:43 granef [INFO]: All handling operation parts has been started
This command started the graph database and made it available on localhost ports (http://127.0.0.1:8080). You can open the Dgraph graphical environment and see the available data. Visit page https://play.dgraph.io/ and insert the localhost address as a Dgraph Server.
To start the Granef toolkit graphical web interface, run the following command.
linux:$ granef -i tutorial-data/tutorial.pcap -o analysis -t run
2023-06-20 12:45:08 granef [INFO]: Starting analysis operation parts
2023-06-20 12:45:08 granef [WARNING]: Using input name from the configuration file: Null
2023-06-20 12:45:08 granef [INFO]: Running container 'granef-analysis-api' from image: registry.gitlab.ics.muni.cz:443/granef/analysis-api:latest
2023-06-20 12:45:08 granef [WARNING]: Using input name from the configuration file: Null
2023-06-20 12:45:08 granef [INFO]: Running container 'granef-analysis-web' from image: registry.gitlab.ics.muni.cz:443/granef/analysis-web-v2:latest
2023-06-20 12:45:09 granef [INFO]: All analysis operation parts has been started
Now, we can access the Granef interface in your browser at http://127.0.0.1:8000, create a new visualization environment, and start analyzing the processed network traffic data.
Both operations are running as a service and thus need to be terminated once the analysis is complete.
Summary and clean up
All the data transformation steps can be fully automated with the Granef toolkit using the -a argument.
linux:$ granef -i tutorial-data/tutorial.pcap -a
2023-06-20 13:47:00 granef [INFO]: Container environment initialization
2023-06-20 13:47:00 granef [INFO]: Container image pull: extraction-zeek
2023-06-20 13:47:08 granef [INFO]: Container image pull: transformation-zeek-dgraph
2023-06-20 13:47:11 granef [INFO]: Container image pull: dgraph-handler
2023-06-20 13:47:18 granef [INFO]: Container image pull: analysis-api
2023-06-20 13:47:20 granef [INFO]: Container image pull: analysis-web
2023-06-20 13:47:28 granef [INFO]: All container images pulled successfully
2023-06-20 13:47:28 granef [INFO]: Creating network: granef-network
2023-06-20 13:47:28 granef [INFO]: Network granef-network created successfully
2023-06-20 13:47:28 granef [INFO]: Workflow starting
2023-06-20 13:47:28 granef [INFO]: Starting extraction operation parts
2023-06-20 13:47:28 granef [INFO]: Running container 'granef-extraction' from image: registry.gitlab.ics.muni.cz:443/granef/extraction-zeek:latest
2023-06-20 13:47:40 granef [INFO]: All extraction operation parts has been started
2023-06-20 13:47:40 granef [INFO]: Starting transformation operation parts
2023-06-20 13:47:40 granef [WARNING]: Using input name from the configuration file: granef-extraction/
2023-06-20 13:47:40 granef [INFO]: Running container 'granef-transformation' from image: registry.gitlab.ics.muni.cz:443/granef/transformation-zeek-dgraph:latest
2023-06-20 13:47:42 granef-transformation [WARNING]: Schema for capture_loss.log is not defined
2023-06-20 13:47:42 granef-transformation [WARNING]: Schema for dce_rpc.log is not defined
2023-06-20 13:47:42 granef-transformation [WARNING]: Schema for dpd.log is not defined
2023-06-20 13:47:42 granef-transformation [WARNING]: Schema for known_hosts.log is not defined
2023-06-20 13:47:42 granef-transformation [WARNING]: Schema for known_services.log is not defined
2023-06-20 13:47:42 granef-transformation [WARNING]: Schema for loaded_scripts.log is not defined
2023-06-20 13:47:42 granef-transformation [WARNING]: Schema for ntlm.log is not defined
2023-06-20 13:47:42 granef-transformation [WARNING]: Schema for ocsp.log is not defined
2023-06-20 13:47:42 granef-transformation [WARNING]: Schema for packet_filter.log is not defined
2023-06-20 13:47:42 granef-transformation [WARNING]: Schema for pe.log is not defined
2023-06-20 13:47:42 granef-transformation [WARNING]: Schema for stats.log is not defined
2023-06-20 13:47:42 granef-transformation [WARNING]: Schema for telemetry.log is not defined
2023-06-20 13:47:42 granef-transformation [WARNING]: Schema for weird.log is not defined
2023-06-20 13:47:42 granef-transformation [WARNING]: Mutations for capture_loss.log are not defined
2023-06-20 13:47:42 granef-transformation [WARNING]: Mutations for dce_rpc.log are not defined
2023-06-20 13:47:42 granef-transformation [WARNING]: Mutations for dpd.log are not defined
2023-06-20 13:47:42 granef-transformation [WARNING]: Mutations for known_hosts.log are not defined
2023-06-20 13:47:42 granef-transformation [WARNING]: Mutations for known_services.log are not defined
2023-06-20 13:47:42 granef-transformation [WARNING]: Mutations for loaded_scripts.log are not defined
2023-06-20 13:47:42 granef-transformation [WARNING]: Mutations for ntlm.log are not defined
2023-06-20 13:47:42 granef-transformation [WARNING]: Mutations for ocsp.log are not defined
2023-06-20 13:47:42 granef-transformation [WARNING]: Mutations for packet_filter.log are not defined
2023-06-20 13:47:42 granef-transformation [WARNING]: Mutations for pe.log are not defined
2023-06-20 13:47:42 granef-transformation [WARNING]: Mutations for stats.log are not defined
2023-06-20 13:47:42 granef-transformation [WARNING]: Mutations for weird.log are not defined
2023-06-20 13:47:42 granef-transformation [WARNING]: Mutations for telemetry.log are not defined
2023-06-20 13:47:42 granef [INFO]: All transformation operation parts has been started
2023-06-20 13:47:42 granef [INFO]: Starting indexing operation parts
2023-06-20 13:47:42 granef [WARNING]: Using input name from the configuration file: granef-transformation/
2023-06-20 13:47:42 granef [INFO]: Running container 'granef-indexing' from image: registry.gitlab.ics.muni.cz:443/granef/dgraph-handler:latest
2023-06-20 13:47:52 granef [INFO]: All indexing operation parts has been started
2023-06-20 13:47:52 granef [INFO]: Starting handling operation parts
2023-06-20 13:47:52 granef [WARNING]: Using input name from the configuration file: Null
2023-06-20 13:47:52 granef [INFO]: Running container 'granef-handling-zero' from image: registry.gitlab.ics.muni.cz:443/granef/dgraph-handler:latest
2023-06-20 13:47:53 granef [WARNING]: Using input name from the configuration file: granef-indexing/
2023-06-20 13:47:53 granef [INFO]: Running container 'granef-handling-alpha' from image: registry.gitlab.ics.muni.cz:443/granef/dgraph-handler:latest
2023-06-20 13:47:54 granef [INFO]: All handling operation parts has been started
2023-06-20 13:47:54 granef [INFO]: Starting analysis operation parts
2023-06-20 13:47:54 granef [WARNING]: Using input name from the configuration file: Null
2023-06-20 13:47:54 granef [INFO]: Running container 'granef-analysis-api' from image: registry.gitlab.ics.muni.cz:443/granef/analysis-api:latest
2023-06-20 13:47:54 granef [WARNING]: Using input name from the configuration file: Null
2023-06-20 13:47:54 granef [INFO]: Running container 'granef-analysis-web' from image: registry.gitlab.ics.muni.cz:443/granef/analysis-web-v2:latest
2023-06-20 13:47:55 granef [INFO]: All analysis operation parts has been started
After the analysis is finished, you need to disable the handling and analysis operations. This can be done using the following command.
linux:$ granef -r operations
2023-06-20 13:48:22 granef [INFO]: Removing extraction operation parts
2023-06-20 13:48:22 granef [INFO]: Removing container: granef-extraction
2023-06-20 13:48:22 granef [WARNING]: Container granef-extraction not found
2023-06-20 13:48:22 granef [INFO]: All extraction operation parts has been removed
2023-06-20 13:48:22 granef [INFO]: Removing transformation operation parts
2023-06-20 13:48:22 granef [INFO]: Removing container: granef-transformation
2023-06-20 13:48:22 granef [WARNING]: Container granef-transformation not found
2023-06-20 13:48:22 granef [INFO]: All transformation operation parts has been removed
2023-06-20 13:48:22 granef [INFO]: Removing indexing operation parts
2023-06-20 13:48:22 granef [INFO]: Removing container: granef-indexing
2023-06-20 13:48:22 granef [WARNING]: Container granef-indexing not found
2023-06-20 13:48:22 granef [INFO]: All indexing operation parts has been removed
2023-06-20 13:48:22 granef [INFO]: Removing handling operation parts
2023-06-20 13:48:22 granef [INFO]: Removing container: granef-handling-zero
2023-06-20 13:48:22 granef [INFO]: Removing container: granef-handling-alpha
2023-06-20 13:48:23 granef [INFO]: All handling operation parts has been removed
2023-06-20 13:48:23 granef [INFO]: Removing analysis operation parts
2023-06-20 13:48:23 granef [INFO]: Removing container: granef-analysis-api
2023-06-20 13:48:23 granef [INFO]: Removing container: granef-analysis-web
2023-06-20 13:48:24 granef [INFO]: All analysis operation parts has been removed
If you want to remove everything, including container environment settings and downloaded images, use the following command.
linux:$ granef -r all
2023-06-20 13:49:48 granef [INFO]: Removing extraction operation parts
2023-06-20 13:49:48 granef [INFO]: Removing container: granef-extraction
2023-06-20 13:49:48 granef [WARNING]: Container granef-extraction not found
2023-06-20 13:49:48 granef [INFO]: All extraction operation parts has been removed
2023-06-20 13:49:48 granef [INFO]: Removing transformation operation parts
2023-06-20 13:49:48 granef [INFO]: Removing container: granef-transformation
2023-06-20 13:49:48 granef [WARNING]: Container granef-transformation not found
2023-06-20 13:49:48 granef [INFO]: All transformation operation parts has been removed
2023-06-20 13:49:48 granef [INFO]: Removing indexing operation parts
2023-06-20 13:49:48 granef [INFO]: Removing container: granef-indexing
2023-06-20 13:49:48 granef [WARNING]: Container granef-indexing not found
2023-06-20 13:49:48 granef [INFO]: All indexing operation parts has been removed
2023-06-20 13:49:48 granef [INFO]: Removing handling operation parts
2023-06-20 13:49:48 granef [INFO]: Removing container: granef-handling-zero
2023-06-20 13:49:49 granef [INFO]: Removing container: granef-handling-alpha
2023-06-20 13:49:49 granef [INFO]: All handling operation parts has been removed
2023-06-20 13:49:49 granef [INFO]: Removing analysis operation parts
2023-06-20 13:49:49 granef [INFO]: Removing container: granef-analysis-api
2023-06-20 13:49:50 granef [INFO]: Removing container: granef-analysis-web
2023-06-20 13:49:50 granef [INFO]: All analysis operation parts has been removed
2023-06-20 13:49:50 granef [INFO]: Container image remove: extraction-zeek
2023-06-20 13:49:51 granef [INFO]: Container image remove: transformation-zeek-dgraph
2023-06-20 13:49:51 granef [INFO]: Container image remove: dgraph-handler
2023-06-20 13:49:51 granef [INFO]: Container image remove: analysis-api
2023-06-20 13:49:51 granef [INFO]: Container image remove: analysis-web
2023-06-20 13:49:52 granef [INFO]: All container images have been removed
2023-06-20 13:49:52 granef [INFO]: Removing network: granef-network
2023-06-20 13:49:52 granef [INFO]: Network granef-network has been removed
For more information on using the Granef toolkit, please visit the official website: https://granef.csirt.muni.cz/#usage.