Generate and log JA3 SSL fingerprints.
Raise notices on outgoing files over X bytes in size.
Also raise notices for multiple large outgoing Tx's in Y time frame.
This plugin provides liblognorm integration for Bro.
Find and log long-lived connections into a "conn_long" log.
Packet source plugin that provides native Myricom SNF v3+v4 support.
Packet source plugin that provides native support for NTAPI.
Packet source plugin that provides native Netmap support.
Add OUI lookup to Bro.
Packet source plugin that provides native PF_RING support.
Attempt to identify the QUIC protocol.
Discover successful ShellShock attacks.
Simple, high-performance TCP scan detection.
Zeek-Sysmon contains a Python script that reads in a file, parses JSON Windows Event Logs, generates Zeek events, and forwards them to Zeek. The default Zeek-Sysmon scripts log output to files.
This plugin provides native AF_XDP support for Bro.
A plugin to find Windows executables that have been XOR encoded.
ZeroMQ log writer.
BZAR - Bro/Zeek ATT&CK-based Analytics and Reporting.
Detects CallStranger (CVE) Exploitation Attempts