Packages

add-interfaces

By j-gras

Adds cluster node's interface to logs.

add-json

By j-gras

Additional JSON-logging for Bro.

add-node-names

By j-gras

Adds cluster node name to logs.

anomalous-dns

By jbaggs

A module for tracking and correlating abnormal DNS behavior. Detection of tunneling and C&C through connection duration and volume, request and answer size, DNS request type, and unique queries per domain.

BinaryHeap

By jmellander

Binary Heap Implementation

blacklist

By initconf

package to manage blacklisted IP address ysing bro

bro_bitcoin

By jsiwek

Detects Bitcoin, Litecoin, or other cryptocurrency mining traffic that uses getwork, getblocktemplate, or Stratum mining protocols over TCP or HTTP.

bro_notice_correlation

By dopheide

Adds support for multi-notice correlation. For more information, see http://blog.samoehlert.com/correlating-bro-notices or the talk from BroCon 2016.

bro-af_packet-plugin

By j-gras

This plugin provides native AF_Packet support for Bro.

bro-community-id

By corelight

"Community ID" flow hash support in conn.log

bro-dag

By endace

Packet source plugin that provides native support for Endace DAG capture cards.

bro-doctor

By ncsa

A broctl plugin that helps you troubleshoot common problems For cluster-related checks, the package "add-node-names" is recommended.

bro-drwatson

By corelight

Discover and log information discovered in Microsoft DrWatson messages.

bro-fuzzy-hashing

By j-gras

This plugin provides fuzzy hashing for Bro.

bro-hardware

By corelight

Scripts for cases where hardware device identifiers are discovered.

bro-http2

By mitrecnd

A HTTP2 protocol analyzer for the Bro IDS.

bro-interface-setup

By ncsa

A broctl plugin that helps you setup capture interfaces

bro-inventory-scripts

By fatemabw

Find different type of OSes and AV software in your network traffic.

bro-is-darknet

By ncsa

This plugin adds a Site::is_darknet function. This is useful for scripts that track scan attempts or other probes. It can handle purely dark address space as well as honeynet space.

bro-ja3

By hosom

Generate and log ja3 ssl fingerprints

Page 1 of 5, showing 20 record(s) out of 90 total