Packages

intel-expire

By j-gras

Per item expiration for Zeek's intelligence framework.

intel-extensions

By j-gras

Extensions for Bro's intelligence framework.

intel-seen-more

By j-gras

Additional seen-triggers for Bro's intelligence framework.

ja3

By salesforce

JA3 creates 32-character SSL client fingerprints and logs them as a field in ssl.log. These fingerprints can easily be shared as threat intelligence or used as correlation items for enhanced alerting and analysis. This package also adds JA3 to the Bro Intel Framework. https://github.com/salesforce/ja3

Joe-Sandbox-Bro

By joesecurity

JoeSandbox-Bro extracts files from your internet connection and analyzes them automatically on Joe Sandbox. Combined with Joe Sandbox's reporting and alerting features you can build a powerful IDS.

json-streaming-logs

By corelight

JSON streaming logs

ldap-analyzer

By scebro

LDAP write operations analyzer for Bro.

log-add-http-post-bodies

By corelight

Add a POST body excerpt into the HTTP log

log-add-vlan-everywhere

By corelight

Add VLAN to all Bro logs.

log-filters

By hosom

Implement common log filters.

metron-bro-plugin-kafka

By apache

A Bro log writer plugin that sends logging output to Kafka.

phish-analysis

By initconf

Suite of SMTP-related policies, including extracting and logging URLs from emails and various SMTP anomaly detection heuristics to help flag phishing emails.

scan-NG

By initconf

Scan detection in the 2.x world. Forward port of bro-1.5.3 scan.bro, accompanied by new heuristics and quicker detections.

scan-sampling

By jonzeolla

Modified version of scan.bro to add destination IP sampling.

smtp-url-analysis

By initconf

Suite of SMTP-related policies, including extracting and logging URLs from emails and various SMTP anomaly detection heuristics to help flag phishing emails.

ssn-exposure

By sethhall

Detect US Social Security numbers in HTTP and SMTP with Bro.

tcprs

By jswaro

TCP Retransmission and State Analyzer plugin for Bro.

top-dns

By corelight

Log the top DNS queries being requested.

uap-bro

By vitalyrepin

User Agent Parser - Bro implementation based on uap-core

unknown-mime-type-discovery

By sethhall

A Bro package for finding new file signatures.
