This plugin adds a Site::is_darknet function. This is useful for scripts that track scan attempts or other probes. It can handle purely dark address space as well as honeynet space.
Raise notices on outgoing files over X bytes in size. Also raise notices for multiple large outgoing Tx's in Y time frame.
This plugin provides liblognorm integration for Zeek.
Bro IDS / MongoDB connector.
Packet source plugin that provides native Myricom SNF v3+v4 support.
Packet source plugin that provides native support for NTAPI.
Packet source plugin that provides native PF_RING support.
Discover successful ShellShock attacks.
Simple, high-performance TCP scan detection.
Zeek-Sysmon contains a Python script that will read in a file, parse JSON Windows Event Logs, generate Zeek events, and forward them to Zeek. Default Zeek-Sysmon scripts log output to files.
This plugin provides native AF_XDP support for Bro.
ZeroMQ log writer.
BZAR - Bro/Zeek ATT&CK-based Analytics and Reporting.
Detects CallStranger (CVE) Exploitation Attempts.
A Zeek package which provides common encodings and operations.