This plugin adds a Site::is_darknet function.
This is useful for scripts that track scan attempts or other probes.
It can handle purely dark address space as well as honeynet space.
Generate and log JA3 SSL fingerprints.
Raise notices on outgoing files over X bytes in size.
Also raise notices for multiple large outgoing Tx's in Y time frame.
This plugin provides liblognorm integration for Bro.
Find and log long-lived connections into a "conn_long" log.
Packet source plugin that provides native Myricom SNF v3+v4 support.
Packet source plugin that provides native support for NTAPI.
Packet source plugin that provides native Netmap support.
Add OUI lookup to Bro.
Packet source plugin that provides native PF_RING support.
Detects the Google QUIC (GQUIC) protocol and adds "gquic"
to conn.log's "service" field.
Attempt to identify the QUIC protocol.
Discover successful ShellShock attacks.
Simple, high-performance TCP scan detection.
Zeek-Sysmon contains a Python script that will read in a file, parse JSON Windows Event Logs, generate Zeek events, and forward them to Zeek. Default Zeek-Sysmon scripts log output to files.
An example Zeek package for testing purposes.
This plugin provides native AF_XDP support for Bro.
A plugin to find Windows executables that have been XOR encoded.