Zeek Package Manager: Packages

Packages

aaalm

Tag and group devices based on a LAN's structure

add-interfaces

Adds cluster node's interface to logs.

add-json

Additional JSON-logging for Zeek.

add-node-names

Adds cluster node name to logs.

anomalous-dns

A module for tracking and correlating abnormal DNS behavior. Detection of tunneling and C&C through connection duration and volume, request and answer size, DNS request type, and unique queries per domain. Statistical clasification of fast flux networks based on A records and ASNs.

appid

Leverage nDPI and other info to make informed guess at the application for a connection.

Apple-RDP-net-assistant-DoS

udp-3283-DoS

bad-asn

Adds ASN reputation data of external IP addresses to notice.log if the ASN crosses a predetermined threshold as defined by circl.lu

BinaryHeap

Binary Heap Implementation

blacklist

package to manage blacklisted IP address ysing bro

bro_notice_correlation

Adds support for multi-notice correlation. For more information, see http://blog.samoehlert.com/correlating-bro-notices or the talk from BroCon 2016.

bro-af_packet-plugin

This plugin provides native AF_Packet support for Zeek.

bro-dag

Packet source plugin that provides native support for Endace DAG capture cards.

bro-doctor

A broctl plugin that helps you troubleshoot common problems For cluster-related checks, the package "add-node-names" is recommended.

bro-drwatson

Discover and log information discovered in Microsoft DrWatson messages.

bro-fuzzy-hashing

This plugin provides fuzzy hashing for Bro.

bro-hardware

Scripts for cases where hardware device identifiers are discovered.

bro-http2

A HTTP2 protocol analyzer for the Zeek NSM.

bro-interface-setup

A broctl plugin that helps you setup capture interfaces

bro-inventory-scripts

Find different type of OSes and AV software in your network traffic.

<< Previous

1
2
3
4
5
6
7
8
9

Next >>
last >>

Page 1 of 9, showing 20 record(s) out of 169 total