By dopheide
This script enables easy customation of how notice actions are handled. It's built to work with eZeekConfigurator, but that isn't required.
By corelight
Package that extends the Notice Framework to include `ACTION_TELEGRAM` for sending messages on notices over Telegram.
By dopheide
This script just replaces the old ntp-monlist script to work with Zeek 3.0.0+
This script expands the base known-services policy to include is_local_orig flag to indicate if an outbound service was discovered from non-local nets (is_local_orig =F) or from local nets (is_local_orig=T).
By amzn
Plugin that enables parsing of the BACnet standard building controls protocol
By amzn
Plugin that enables parsing of the Ethernet/IP and Common Industrial Protocol standards
By jsiwek
Gathers and prints field descriptions for all Zeek logs. The default output format is CSV files.
By corelight
Detects the Google QUIC (GQUIC) protocol and adds "gquic" to conn.log's "service" field.
By cybera
Sniffpass will alert on cleartext passwords discovered in HTTP POST requests