By jbaggs
A module for tracking and correlating abnormal DNS behavior. Detection of tunneling and C&C through connection duration and volume, request and answer size, DNS request type, and unique queries per domain. Statistical classification of fast flux networks based on A records and ASNs.
By stevesmoot
Leverage nDPI and other info to make informed guess at the application for a connection.
By amarokinc
Adds ASN reputation data of external IP addresses to notice.log if the ASN crosses a predetermined threshold as defined by circl.lu
By dopheide
Adds support for multi-notice correlation. For more information, see http://blog.samoehlert.com/correlating-bro-notices or the talk from BroCon 2016.
By ncsa
A broctl plugin that helps you troubleshoot common problems For cluster-related checks, the package "add-node-names" is recommended.
By fatemabw
Find different type of OSes and AV software in your network traffic.
By ncsa
This plugin adds a Site::is_darknet function. This is useful for scripts that track scan attempts or other probes. It can handle purely dark address space as well as honeynet space.