Right now AIP input data is very strict and it makes it hard to work with.
Specifically, it should auto-discover the Zeek logs in the raw folder so that it would be possible to have data from multiple sensors/honeypots:
data/raw/sensor1/<zeek-logs>
data/raw/sensor2/<zeek-logs>
data/raw/sensorN/<zeek-logs>
Right now the only apparent accepted input is:
data/raw/YYYY-MM-DD/conn.*.gz
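One way the requested discovery could work, as an added example that is not AIP's own code. The function names, the `default` sensor label for the existing layout, and the optional YYYY-MM-DD directory under each sensor are assumptions; the sample tree is constructed.

```python
import re
import tempfile
from collections import defaultdict
from pathlib import Path

DATE_DIR = re.compile(r"^\d{4}-\d{2}-\d{2}$")

def discover_conn_logs(raw_dir):
    """Return {(sensor, date): [paths]} for every conn.*.gz under raw_dir."""
    root = Path(raw_dir).resolve()
    found = defaultdict(list)
    for path in sorted(root.rglob("conn.*.gz")):
        real = path.resolve()
        # Skip non-files and symlinks that resolve outside raw_dir, so a
        # link planted in a sensor upload cannot pull in unrelated files.
        if not real.is_file() or root not in real.parents:
            continue
        parts = path.relative_to(root).parts[:-1]
        dates = [p for p in parts if DATE_DIR.match(p)]
        date = dates[-1] if dates else None
        # The first directory names the sensor, unless it is a date
        # directory (the existing data/raw/YYYY-MM-DD layout).
        if parts and not DATE_DIR.match(parts[0]):
            sensor = parts[0]
        else:
            sensor = "default"  # assumed label for the single-sensor layout
        found[(sensor, date)].append(path)
    return dict(found)

def build_sample_tree(root):
    """Constructed sample layout (empty files): legacy and per-sensor dirs."""
    names = [
        "2024-05-01/conn.00.log.gz",
        "sensor1/2024-05-01/conn.00.log.gz",
        "sensor1/2024-05-01/conn.01.log.gz",
        "sensor2/conn.log.gz",
        "sensor2/2024-05-01/dns.log.gz",  # not a conn log, must be ignored
    ]
    for name in names:
        target = Path(root) / name
        target.parent.mkdir(parents=True, exist_ok=True)
        target.touch()

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        logs = discover_conn_logs(tmp)
        for (sensor, date), paths in sorted(logs.items(), key=str):
            print(sensor, date, [p.name for p in paths])
```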