By jbaggs
A module for tracking and correlating abnormal DNS behavior. Detection of tunneling and C&C through connection duration and volume, request and answer size, DNS request type, and unique queries per domain.
By amarokinc
Adds ASN reputation data of external IP addresses to notice.log if the ASN crosses a predetermined threshold as defined by circl.lu
By dopheide
Adds support for multi-notice correlation. For more information, see http://blog.samoehlert.com/correlating-bro-notices or the talk from BroCon 2016.
By ncsa
A broctl plugin that helps you troubleshoot common problems For cluster-related checks, the package "add-node-names" is recommended.
By fatemabw
Find different type of OSes and AV software in your network traffic.
By ncsa
This plugin adds a Site::is_darknet function. This is useful for scripts that track scan attempts or other probes. It can handle purely dark address space as well as honeynet space.