Packages

bro-is-darknet

By ncsa

This plugin adds a Site::is_darknet function. This is useful for scripts that track scan attempts or other probes. It can handle purely dark address space as well as honeynet space.

bro-ja3

By hosom

Generate and log JA3 SSL fingerprints.

bro-large_uploads

By theflakes

Raise notices on outgoing files over X bytes in size. Also raise notices for multiple large outgoing Tx's in Y time frame.

bro-lognorm

By j-gras

This plugin provides liblognorm integration for Zeek.

bro-mongodb

By activecm

Bro IDS/MongoDB connector.

bro-myricom

By sethhall

Packet source plugin that provides native Myricom SNF v3+v4 support.

bro-napatech

By hosom

Packet source plugin that provides native support for NTAPI

bro-oui

By hosom

Add OUI lookup to Bro.

bro-pf_ring

By ntop

Packet source plugin that provides native PF_RING support.

bro-quic

By dopheide

Attempt to identify QUIC protocol

bro-rita

By activecm

RITA, Bro IDS connector.

bro-shellshock

By corelight

Discover successful ShellShock attacks.

bro-simple-scan

By ncsa

Simple, high-performance TCP scan detection.

bro-sysmon

By salesforce

Zeek-Sysmon contains a Python script that will read in a file, parse JSON Windows Event Logs, generate Zeek events, and forward them to Zeek. Default Zeek-Sysmon scripts log output to files.

bro-xdp_packet-plugin

By irtimmer

This plugin provides native AF_XDP support for Bro.

bro-zeromq-writer

By ncsa

ZeroMQ log writer.

bzar

By mitre-attack

BZAR - Bro/Zeek ATT&CK-based Analytics and Reporting.

callstranger-detector

By corelight

Detects CallStranger (CVE) Exploitation Attempts

cif-zeek

By sfinlon

Adds Collective Intelligence Framework (CIF) metadata to intel logs.

common-encodings

By anthonykasza

A Zeek package which provides common encodings and operations.
