Use this page when publishing PacketQL to GitHub and Docker Hub.
Keep the public message simple:
- open-source
- SOC-focused
- single-container
- easy to try
- public beta
Do not lead with the manual multi-service setup.
Short version:
Open-source SOC packet investigation platform that turns PCAP files into SQL-queryable security data.
Alternative shorter version:
Turn PCAP files into SQL-ready security investigations with a single Docker container.
Use one of:
- your product website
- your live demo URL
- your Docker Hub package page
Current public package:
https://hub.docker.com/r/jobish/packetql
pcap zeek soc security network-forensics duckdb parquet kafka threat-hunting incident-response ndr opensource
Single-container SOC PCAP investigation platform powered by Zeek, Kafka, Parquet, and DuckDB.
PacketQL is an open-source packet investigation platform that turns uploaded PCAP files into SQL-queryable security data.
The bundled container includes Zeek, Kafka in KRaft mode, a Go normalization and enrichment pipeline, Parquet output, DuckDB-backed querying, a Django API, and a React UI.
Recommended workflow:
- pull the image
- mount one host directory to /data
- open the UI
- upload a PCAP
Docker image:
- jobish/packetql:beta
Recommended PCAP size for the best experience: below 50 MB.
Status: Public Beta
PacketQL v0.1.0-beta - Single-container packet investigation
PacketQL is now available as an open-source public beta.
PacketQL turns packet captures into structured, SQL-queryable investigation data.
Highlights:
- Browser-based PCAP upload
- Zeek-powered protocol parsing
- Structured log tables for investigation
- Parquet + DuckDB analytics workflow
- Log dashboard, log search, and SQL query workflow
- Simple single-container Docker deployment
Recommended deployment:
- pull the Docker image
- mount a host path to /data
- open the UI and upload a PCAP
Recommended PCAP size:
- below 50 MB for the smoothest beta experience
Current status:
- Public Beta
- recommended for labs, demos, and internal evaluation
- not yet positioned as hardened production infrastructure
Option 1:
PacketQL is an open-source packet investigation platform that turns PCAP files into SQL-queryable security data.
Option 2:
Turn PCAP files into structured, SQL-ready security investigations in minutes.
Option 3:
Single-container PCAP investigation for SOC analysts, powered by Zeek, Kafka, Parquet, and DuckDB.
Use this wording publicly if you want to stay honest and safe:
PacketQL is currently in public beta. The recommended deployment path is the bundled Docker container. The best experience today is with PCAP files below 50 MB. Larger files and production hardening are still being improved.
- README.md
- docs/ARCHITECTURE.md
- docker/README.md
- screenshots
- release notes
Replace placeholders in the docs:
- Docker image references should point to jobish/packetql:beta
- repository URL should point to https://github.com/flowtracex/PacketQL
Also confirm:
- Docker image name is final
- live demo URL is final
- screenshots are ready if you want a stronger front page