Zeek Package Manager: Packages

zeek-globload

This plugin adds support for shell-style glob patterns when loading Zeek scripts. For example, saying "@load startup.d/*.zeek" will load any Zeek scripts with a .zeek suffix from the startup.d folder.

zeek-gozi-detector

By corelight

A Zeek based Gozi malware detector.

zeek-jpeg

By corelight

This package provides some basic analysis for JPEG files.

zeek-log-add-mac-addresses

By reshadp

Add MAC address to all logs.

zeek-long-connections

By corelight

Find and log long-lived connections into a "conn_long" log.

zeek-macho

By corelight

This package provides some basic analysis for Mach-o files.

zeek-nats-log-writer

By corelight

NATS.io log writer support

zeek-netsupport-detector

By corelight

A Zeek base NetSupport detector. NetSupport is often abused by attackers in malware.

zeek-notice-telegram

By corelight

Package that extends the Notice Framework to include `ACTION_TELEGRAM` for sending messages on notices over Telegram.

zeek-open-connections

By activecm

Find and log open, long-lived connections into "open_conn", "open_ssl", and "open_http" logs.

zeek-quasarrat-detector

By corelight

An QuasarRAT malware detector.

zeek-quic

By corelight

Detects the Google QUIC (GQUIC) protocol and adds "gquic" to conn.log's "service" field.

zeek-spicy-facefish

By corelight

A Facefish rootkit detector, based on Spicy.

zeek-spicy-ipsec

By corelight

An IPSec Zeek protocol analyzer based on Spicy.

zeek-spicy-openvpn

By corelight

A Zeek OpenVPN protocol analyzer, based on Spicy.

zeek-spicy-ospf

By corelight

A Zeek OSPF packet analyzer, based on Spicy.

zeek-spicy-stun

By corelight

A Zeek STUN protocol analyzer based on Spicy.

zeek-spicy-wireguard

By corelight

A Wireguard VPN protocol analyzer, based on Spicy.

zeek-strrat-detector

By corelight

A Zeek based STRRAT malware detector.

zeek-xor-exe-plugin

By corelight

A plugin to find Windows executables that have been XOR encoded.