Raise notices on outgoing files over X bytes in size.
Also raise notices for multiple large outgoing Tx's in Y time frame.
This plugin provides liblognorm integration for Bro.
Find and log long-lived connections into a "conn_long" log.
Packet source plugin that provides native Myricom SNF v3+v4 support.
Packet source plugin that provides native support for NTAPI
Packet source plugin that provides native Netmap support.
Add OUI lookup to Bro.
Packet source plugin that provides native PF_RING support.
Attempt to identify QUIC protocol
Detects the Google QUIC (GQUIC) protocol and adds "gquic"
to conn.log's "service" field.
Discover successful ShellShock attacks.
Simple, high performance tcp scan detection
Zeek-Sysmon contains a python script that will read in a file, parse JSON Windows Event Logs, generate Zeek events, and forward them to Zeek. Default Zeek-Sysmon scripts log output to files.
This plugin provides native AF_XDP support for Bro.
A plugin to find Windows executables that have been XOR encoded.
ZeroMQ log writer.
BZAR - Bro/Zeek ATT&CK-based Analytics and Reporting.
Detects CallStranger (CVE) Exploitation Attempts
Page 2 of 7, showing 20 record(s) out of 138 total