Additional hashing functions for Zeek, started with MurmurHash3.
Packet source plugin that provides native Netmap support.
Perform regular network measurements and report results.
Monitors for new domains being queried and raises a notice for them.
This script enables easy customization of how notice actions are handled. It's built to work with eZeekConfigurator, but that isn't required.
Zeek Notices through Slack webhook
Package that extends the Notice Framework to include `ACTION_TELEGRAM` for sending messages on notices over Telegram.
This script just replaces the old ntp-monlist script to work with Zeek 3.0.0+
Find and log open, long-lived connections into a "conn_long" log.
A Zeek OpenVPN Protocol Analyzer
This script expands the base known-services policy to include an is_local_orig flag that indicates whether an outbound service was discovered from non-local nets (is_local_orig=F) or from local nets (is_local_orig=T).
Zeek Package that supports adding arp.log to Zeek log files
Detects DoH servers by adding an is_DoH field in ssl.log and adds a timeout to them so that the DoH connection won't take too long.
Zeek Package that extracts features of IRC communication
This script gets the gateway IP information from the DHCP logs and adds a notice.log entry if the gateway address is identified.
Provides PCAP over TCP support for Zeek.
Plugin that enables parsing of the BACnet standard building controls protocol
Plugin that enables parsing of the Ethernet/IP and Common Industrial Protocol standards
Plugin that enables parsing of the IKEv2 protocol