By salesforce
JA3 creates 32 character SSL client fingerprints and logs them as a field in ssl.log. These fingerprints can easily be shared as threat intelligence or used as correlation items for enhanced alerting and analysis. This package also adds JA3 to the Bro Intel Framework. https://github.com/salesforce/ja3
By joesecurity
JoeSandbox-Bro extracts files from your internet connection and analyzes them automatically on Joe Sandbox. Combined with Joe Sandbox's reporting and alerting features you can build a powerful IDS.
By initconf
Suite of smtp related policies includes extracting and logging URLs from emails and various smtp anomaly detection heuristics to help flag phishing emails
By initconf
scan detection in 2.x world. Forward porting of bro-1.5.3 scan.bro accompanied with new heuristics and quicker detections
By initconf
Suite of smtp related policies includes extracting and logging URLs from emails and various smtp anomaly detection heuristics to help flag phishing emails