Packages

bro-is-darknet

By ncsa

This plugin adds a Site::is_darknet function. This is useful for scripts that track scan attempts or other probes. It can handle purely dark address space as well as honeynet space.

bro-ja3

By hosom

Generate and log JA3 SSL fingerprints.

bro-large_uploads

By theflakes

Raise notices on outgoing files over X bytes in size. Also raise notices for multiple large outgoing Tx's in Y time frame.

bro-lognorm

By j-gras

This plugin provides liblognorm integration for Bro.

bro-long-connections

By corelight

Find and log long-lived connections into a "conn_long" log.

bro-mongodb

By activecm

Bro IDS / MongoDB connector.

bro-myricom

By sethhall

Packet source plugin that provides native Myricom SNF v3+v4 support.

bro-napatech

By hosom

Packet source plugin that provides native support for NTAPI.

bro-netmap

By bro

Packet source plugin that provides native Netmap support.

bro-oui

By hosom

Add OUI lookup to Bro.

bro-pf_ring

By ntop

Packet source plugin that provides native PF_RING support.

bro-quic

By corelight

Detects the Google QUIC (GQUIC) protocol and adds "gquic" to conn.log's "service" field.

bro-quic

By dopheide

Attempts to identify the QUIC protocol.

bro-rita

By activecm

RITA, Bro IDS connector.

bro-shellshock

By corelight

Discover successful ShellShock attacks.

bro-simple-scan

By ncsa

Simple, high-performance TCP scan detection.

bro-sysmon

By salesforce

Zeek-Sysmon contains a Python script that will read in a file, parse JSON Windows Event Logs, generate Zeek events, and forward them to Zeek. Default Zeek-Sysmon scripts log output to files.

bro-test-package

By jsiwek

An example Zeek package for testing purposes.

bro-xdp_packet-plugin

By irtimmer

This plugin provides native AF_XDP support for Bro.

bro-xor-exe-plugin

By corelight

A plugin to find Windows executables that have been XOR encoded.
