Packages

detect-ransomware-filenames

By corelight

Watch SMB transactions for files whose filename matches patterns known to be used by ransomware

dns_axfr

By srozb

Find and notice DNS zone transfer attempts.

dns-tunnels

By hhzzk

Detect DNS Tunnels attack.

domain-tld

By sethhall

A library for getting the "effective tld" of a domain name.

dovehawk

By dovehawk

MISP+Zeek. Dovehawk is a Zeek Module to import MISP indicators to the Intel Framework and Signature Framework automatically. Reports sightings directly back to MISP as they happen. Supports Zeek Clusters.

dovehawk_dns

By dovehawk

Dovehawk.io Passive DNS Capture Module.

dovehawk_flow

By dovehawk

Dovehawk Anonymized Outbound Flow Tracking

dportmatch

By mvlnetdev

Zeek package to add a destination port to the meta fields in Zeek. It creates a notice when both the intel and the destination port matches. This adds a feature that can be used to reduce false positives.

dummy-connections

By hosom

Create dummy connection records.

emojifier

By emojifier

Set your logs on fire with Emojifier!

file-extraction

By hosom

Extract files from network traffic with Zeek.

find_smbv1

By klehigh

find SMBv1 activity

flow_labels

By bricata

Provides mechanisms for managing and using institutional knowledge about a monitored environment to make informed observations of normal and abnormal network activity.

ftp-bruteforce

By initconf

ftp-bruteforce

geoip-conn

By brimsec

Adds additional fields to the conn.log for the data obtained via Zeek's GeoLocation feature (https://docs.zeek.org/en/current/frameworks/geoip.html).

got_zoom

By corelight

Detect Zoom traffic

GQUIC_Protocol_Analyzer

By salesforce

Protocol analyzer that detects, dissects, fingerprints, and logs GQUIC traffic

hassh

By salesforce

HASSH is used to identify specific Client and Server SSH implementations. The fingerprints can be stored, searched and shared in the form of an MD5 fingerprint. This package logs components to ssh.log

hello-world

By zeek

A test package to verify that your Zeek installation can install packages successfully.

http_csp

By srozb

HTTP Content-Security-Policy report parser

Page 4 of 11, showing 20 record(s) out of 207 total