Packages

zeek-more-hashes

By zeek

Additional hashing functions for Zeek, started with MurmurHash3.

zeek-nats-log-writer

By corelight

NATS.io log writer support

zeek-netmap

By zeek

Packet source plugin that provides native Netmap support.

zeek-netsupport-detector

By corelight

A Zeek base NetSupport detector. NetSupport is often abused by attackers in malware.

zeek-network-statistics

By 0xxon

Perform regular network measurements and report results.

zeek-new-domains

By rvictory

Monitors for new domains being queried for and raises a notice for them

zeek-njrat-detector

By keithjjones

A Zeek based njRAT detector.

zeek-notice-config

By dopheide

This script enables easy customation of how notice actions are handled. It's built to work with eZeekConfigurator, but that isn't required.

zeek-notice-slack

By pgaulon

Zeek Notices through Slack webhook

zeek-notice-telegram

By corelight

Package that extends the Notice Framework to include `ACTION_TELEGRAM` for sending messages on notices over Telegram.

zeek-ntp-monlist

By dopheide

This script just replaces the old ntp-monlist script to work with Zeek 3.0.0+

zeek-open-connections

By activecm

Find and log open, long-lived connections into "open_conn", "open_ssl", and "open_http" logs.

zeek-outbound-known-services-with-origflag

By esnet-security

This script expands the base known-services policy to include is_local_orig flag to indicate if an outbound service was discovered from non-local nets (is_local_orig =F) or from local nets (is_local_orig=T).

zeek-package-ARP

By stratosphereips

Zeek Package that supports adding arp.log to zeek log files

zeek-package-detect-DoH

By stratosphereips

Detect DoH servers by adding a is_DoH field in ssl.log and add timeout to them so that the DoH connection won't take too long

zeek-package-IRC

By stratosphereips

Zeek Package that extracts features of IRC communication

zeek-package-log-gateway-IP

By stratosphereips

This script gets the gateway IP information taken from the dhcp logs, and adds a notice.log entry if the gateway address is identified

zeek-parser-Bacnet

By nttcom

TODO: A more detailed description of icsnpp-bacnet. It can span multiple lines, with this indentation.

zeek-parser-CCLinkFieldBasic

By nttcom

TODO: A more detailed description of spicy_cc_link_basic. It can span multiple lines, with this indentation.

Page 11 of 14, showing 20 record(s) out of 261 total