This plugin adds a Site::is_darknet function.
This is useful for scripts that track scan attempts or other probes.
It can handle purely dark address space as well as honeynet space.
Generate and log JA3 SSL fingerprints.
Raise notices on outgoing files over X bytes in size.
Also raise notices for multiple large outgoing Tx's in Y time frame.
This plugin provides liblognorm integration for Bro.
Packet source plugin that provides native Myricom SNF v3+v4 support.
Packet source plugin that provides native support for NTAPI
Add OUI lookup to Bro.
Packet source plugin that provides native PF_RING support.
Attempt to identify QUIC protocol
Discover successful ShellShock attacks.
Simple, high-performance TCP scan detection.
Zeek-Sysmon contains a Python script that will read in a file, parse JSON Windows Event Logs, generate Zeek events, and forward them to Zeek. Default Zeek-Sysmon scripts log output to files.
This plugin provides native AF_XDP support for Bro.
ZeroMQ log writer.
BZAR - Bro/Zeek ATT&CK-based Analytics and Reporting.
Detects CallStranger (CVE) Exploitation Attempts
Adds Collective Intelligence Framework (CIF) metadata to intel logs.
Identify bursty connections (large and fast)