This script expands the base known-services policy to include is_local_orig flag to indicate if an outbound service was discovered from non-local nets (is_local_orig =F) or from local nets (is_local_orig=T).
Detect DoH servers by adding a is_DoH field in ssl.log and add timeout to them so that the DoH connection won't take too long
This script gets the gateway IP information taken from the dhcp logs, and adds a notice.log entry if the gateway address is identified
By nttcom
TODO: A more detailed description of icsnpp-bacnet. It can span multiple lines, with this indentation.
By nttcom
TODO: A more detailed description of spicy_cc_link_noip. It can span multiple lines, with this indentation.
By nttcom
TODO: A more detailed description of spicy_cc_link_basic. It can span multiple lines, with this indentation.
By nttcom
TODO: A more detailed description of test. It can span multiple lines, with this indentation.
By nttcom
TODO: A more detailed description of zeek-parser-NBNS. It can span multiple lines, with this indentation.
By nttcom
TODO: A more detailed description of zeek-parser-DHCPv4-COM. It can span multiple lines, with this indentation.
By nttcom
TODO: A more detailed description of zeek-parser-DHCPV6. It can span multiple lines, with this indentation.
By nttcom
TODO: A more detailed description of zeek-parser-SSDP. It can span multiple lines, with this indentation.
By amzn
Plugin that enables parsing of the BACnet standard building controls protocol
By amzn
Plugin that enables parsing of the Ethernet/IP and Common Industrial Protocol standards