Packages

conn-burst

By corelight

Identify bursty connections (large and fast)

credit-card-exposure

By sethhall

Detect credit card numbers in HTTP and SMTP with Bro.

CVE-2017-5638_struts

By initconf

Package to detect the CVE-2017-5638 Struts attack.

cve-2020-0601

By 0xxon

"Test script for CVE-2020-0601. Please read Readme."

cve-2020-0601-plugin

By 0xxon

"Test script for CVE-2020-0601. Binary package, requires OpenSSL 1.1.x"

detect-kaspersky

By initconf

kaspersky

dns_axfr

By srozb

Find and notice DNS zone transfer attempts.

dns-tunnels

By hhzzk

Detect DNS tunnel attacks.

domain-tld

By sethhall

A library for getting the "effective tld" of a domain name.

dovehawk

By dovehawk

MISP+Zeek. Dovehawk is a Zeek Module to import MISP indicators to the Intel Framework and Signature Framework automatically. Reports sightings directly back to MISP as they happen. Supports Zeek Clusters.

dovehawk_dns

By dovehawk

Dovehawk.io Passive DNS Capture Module.

dovehawk_flow

By dovehawk

Dovehawk Anonymized Outbound Flow Tracking

dummy-connections

By hosom

Create dummy connection records.

emojifier

By emojifier

Set your logs on fire with Emojifier!

file-extraction

By hosom

Extract files from network traffic with Zeek.

find_smbv1

By klehigh

Find SMBv1 activity.

fix-ascii

By reservoirlabs

ASCII FIX analyzer package

fix-binary

By reservoirlabs

Binary FIX analyzer package

flow_labels

By bricata

Provides mechanisms for managing and using institutional knowledge about a monitored environment to make informed observations of normal and abnormal network activity.

ftp-bruteforce

By initconf

ftp-bruteforce
