Zeek Package Manager: Packages

This script expands the base known-services policy to include is_local_orig flag to indicate if an outbound service was discovered from non-local nets (is_local_orig =F) or from local nets (is_local_orig=T).

zeek-plugin-bacnet

By amzn

Plugin that enables parsing of the BACnet standard building controls protocol

zeek-plugin-enip

By amzn

Plugin that enables parsing of the Ethernet/IP and Common Industrial Protocol standards

zeek-plugin-ikev2

By ukncsc

Plugin that enables parsing of the IKEv2 protocol

zeek-plugin-profinet

By amzn

Plugin that enables parsing of the Profinet protocol

zeek-plugin-roca

By 0xxon

Identify certificates potentially affected by CVE-2017-15361

zeek-plugin-s7comm

By amzn

Plugin that enables parsing of the S7 protocol

zeek-plugin-tds

By amzn

Plugin that enables parsing of the Tabular Data Stream (TDS) protocol

zeek-postgresql

By 0xxon

A PostgreSQL reader and writer for Zeek.

zeek-print-log-info

By jsiwek

Gathers and prints field descriptions for all Zeek logs. The default output format is CSV files.

zeek-quic

By corelight

Detects the Google QUIC (GQUIC) protocol and adds "gquic" to conn.log's "service" field.

zeek-sniffpass

By cybera

Sniffpass will alert on cleartext passwords discovered in HTTP POST requests

zeek-spicy-facefish

By corelight

A Facefish rootkit detector, based on Spicy.