Packages
By nskelsey
Tag and group devices based on a LAN's structure
By j-gras
Adds cluster node's interface to logs.
By j-gras
Additional JSON-logging for Bro.
By j-gras
Adds cluster node name to logs.
By jbaggs
A module for tracking and correlating abnormal DNS behavior. Detection of tunneling and C&C through connection duration and volume, request and answer size, DNS request type, and unique queries per domain.
By initconf
package to manage blacklisted IP address ysing bro
By dopheide
Adds support for multi-notice correlation. For more information, see http://blog.samoehlert.com/correlating-bro-notices or the talk from BroCon 2016.
By j-gras
This plugin provides native AF_Packet support for Zeek.
By corelight
"Community ID" flow hash support in conn.log
By endace
Packet source plugin that provides native support for Endace DAG capture cards.
By ncsa
A broctl plugin that helps you troubleshoot common problems
For cluster-related checks, the package "add-node-names" is recommended.
By corelight
Discover and log information discovered in Microsoft DrWatson messages.
By j-gras
This plugin provides fuzzy hashing for Bro.
By corelight
Scripts for cases where hardware device identifiers are discovered.
By mitrecnd
A HTTP2 protocol analyzer for the Bro IDS.
By ncsa
A broctl plugin that helps you setup capture interfaces
By fatemabw
Find different type of OSes and AV software in your network traffic.
By ncsa
This plugin adds a Site::is_darknet function.
This is useful for scripts that track scan attempts or other probes.
It can handle purely dark address space as well as honeynet space.
Page 1 of 7, showing 20 record(s) out of 125 total