Joe-Sandbox-Bro

By joesecurity

JoeSandbox-Bro extracts files from your internet connection and analyzes them automatically on Joe Sandbox. Combined with Joe Sandbox's reporting and alerting features you can build a powerful IDS.

json-streaming-logs

By corelight

JSON streaming logs

ldap-analyzer

By scebro

LDAP write operations analyzer for Bro.

log-add-http-post-bodies

By corelight

Add a POST body excerpt into the HTTP log

log-add-vlan-everywhere

By corelight

Add VLAN to all Bro logs.

log-filters

By hosom

Implement common log filters.

metron-bro-plugin-kafka

By apache

A Bro log writer plugin that sends logging output to Kafka.

phish-analysis

By initconf

Suite of smtp related policies includes extracting and logging URLs from emails and various smtp anomaly detection heuristics to help flag phishing emails

scan-NG

By initconf

scan detection in 2.x world. Forward porting of bro-1.5.3 scan.bro accompanied with new heuristics and quicker detections

scan-sampling

By jonzeolla

Modified version of scan.bro to add destination IP sampling.

smtp-url-analysis

By initconf

Suite of smtp related policies includes extracting and logging URLs from emails and various smtp anomaly detection heuristics to help flag phishing emails

ssn-exposure

By sethhall

Detect US Social Security numbers in HTTP and SMTP with Bro.

tcprs

By jswaro

TCP Retransmission and State Analyzer plugin for Bro.

top-dns

By corelight

Log the top DNS queries being requested.

uap-bro

By vitalyrepin

User Agent Parser - Bro implementation based on uap-core

unknown-mime-type-discovery

By sethhall

A Bro package for finding new file signatures.

venom

By dopheide

Attempts to detect an attacker calling to the VENOM Linux Rootkit https://security.web.cern.ch/security/venom.shtml

vnc-scanner

By initconf

Simple policy to detect VNC (RFB) scanners based on src->dst connection counts

zeek_perfsonar_owamp

By esnet

zeek-plugin-roca

By 0xxon

Identify certificates potentially affected by CVE-2017-15361