The Apricot Query Pack provides a curated collection of ready-to-use Zed/Zui queries designed for analyzing Zeek, Suricata, and general network telemetry. This pack streamlines the process of examining network activity, detecting anomalies, and extracting meaningful insights from structured security data.
- Prebuilt query sets for Zeek and Suricata logs.
- Standardized and optimized Zed queries.
- Clean folder structure for use inside the Zui application.
- Easy import process for rapid analysis.
Clone the repository:
```bash
git clone https://github.com/tboy-hacker/apricot-queries.git
```
Or download the ZIP from the repository and extract it locally.
- Open the Zui application.
- Select + in the upper-left corner.
- Choose Import Queries….
- Select the JSON files from the Apricot folder.
After import, the queries will appear under the Queries panel in a folder named Apricot.
The pack includes queries for:
- Network connection analysis
- DNS activity and domain intelligence
- HTTP traffic inspection
- TLS certificate and handshake review
- File activity and transfer tracing
- Suricata alert investigation
- General anomaly and behavior detection
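The following Zed pipelines are an added example of the kind of query found in these categories; they are not taken from the Apricot pack itself. They assume the field names Zui produces when it ingests Zeek (`_path`, `id.resp_p`, `query`) and Suricata EVE JSON (`event_type`, `alert.signature`, `alert.severity`):

```zed
// Added example, not a query shipped in the Apricot pack.
// Assumes Zui's default Zeek field names (_path, id.resp_p, query)
// and Suricata EVE field names (event_type, alert.signature, alert.severity).

// Network connection analysis: ten most contacted destination ports
_path=="conn" | count() by id.resp_p | sort -r count | head 10

// DNS activity: most frequently queried names (beaconing and DGA noise surface here)
_path=="dns" | count() by query | sort -r count | head 20

// Suricata alert investigation: alert volume by signature and severity
event_type=="alert" | count() by alert.signature, alert.severity | sort -r count
```

Each pipeline is a separate Zui query; paste one at a time into the query bar, or save each one as its own entry in the Queries panel. The leading expression acts as a filter, `count() by` aggregates, and `sort -r count` puts the busiest values first.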
Each query is categorized to make navigation simple inside Zui.
Contributions are welcome. To contribute:
- Fork the repository.
- Create a feature branch.
- Add or update queries with proper documentation.
- Submit a pull request.
For issues or questions, open an issue in the repository or contact: okwaratoto11@gmail.com
This project is licensed under the MIT License. See the LICENSE file for details.