Packages

conn-burst

By corelight

Identify bursty connections (large and fast)

credit-card-exposure

By sethhall

Detect credit card numbers in HTTP and SMTP with Bro.

CVE-2017-5638_struts

By initconf

Package to detect the CVE-2017-5638 Struts attack.

cve-2020-0601

By 0xxon

"Test script for CVE-2020-0601. Please read Readme."

cve-2020-0601-plugin

By 0xxon

"Test script for CVE-2020-0601. Binary package, requires OpenSSL 1.1.x"

cve-2020-13777

By 0xxon

"Test script for CVE-2020-13777. Please read Readme."

cve-2020-16898

By esnet-security

Detects CVE-2020-16898: "Bad Neighbor"

CVE-2020-16898

By corelight

A network detection package for CVE-2020-16898 (Windows TCP/IP Remote Code Execution Vulnerability) AKA BadNeighbor

CVE-2020-16898-Bad-Neighbor

By initconf

CVE-2020-16898: Bad Neighbor

CVE-2020-5902-F5BigIP

By corelight

A network detection package for CVE-2020-5902, a CVE10.0 vulnerability affecting F5 Networks, Inc BIG-IP devices.

detect-ransomware-filenames

By corelight

Watch SMB transactions for files whose filename matches patterns known to be used by ransomware

dns_axfr

By srozb

Find and notice DNS zone transfer attempts.

dns-tunnels

By hhzzk

Detect DNS tunnel attacks.

domain-tld

By sethhall

A library for getting the "effective tld" of a domain name.

dovehawk

By dovehawk

MISP+Zeek. Dovehawk is a Zeek Module to import MISP indicators to the Intel Framework and Signature Framework automatically. Reports sightings directly back to MISP as they happen. Supports Zeek Clusters.

dovehawk_dns

By dovehawk

Dovehawk.io Passive DNS Capture Module.

dovehawk_flow

By dovehawk

Dovehawk Anonymized Outbound Flow Tracking

dummy-connections

By hosom

Create dummy connection records.

emojifier

By emojifier

Set your logs on fire with Emojifier!

file-extraction

By hosom

Extract files from network traffic with Zeek.
