Packages

icsnpp-bsap

By cisagov

BSAP over IP plugin for parsing and logging of the BSAP protocol - CISA ICSNPP

icsnpp-dnp3

By cisagov

DNP3 script for detailed logging of the DNP3 protocol - CISA ICSNPP

icsnpp-enip

By cisagov

Ethernet/IP and CIP plugin for parsing and logging of the Ethernet/IP and CIP protocols - CISA ICSNPP

icsnpp-ethercat

By cisagov

EtherCAT plugin for parsing and logging of the EtherCAT protocol - CISA ICSNPP

icsnpp-modbus

By cisagov

Modbus script for detailed logging of the Modbus protocol - CISA ICSNPP

icsnpp-opcua-binary

By cisagov

OPC Unified Architecture Binary plugin for parsing and logging of the OPC UA Binary protocol - CISA ICSNPP

indicator-rules

By anthonykasza

An extension to the Intel Framework. This package facilitates the creation of rules which Zeek can monitor for.

intel-expire

By j-gras

Per item expiration for Zeek's intelligence framework.

intel-extensions

By j-gras

Extensions for Bro's intelligence framework.

intel-limiter

By j-gras

Limiter for Zeek's intelligence framework.

intel-seen-more

By j-gras

Additional seen-triggers for Bro's intelligence framework.

IRC-Zeek-package

By stratosphereips

Zeek Package that extracts features of IRC communication

ja3

By salesforce

JA3 creates 32-character SSL client fingerprints and logs them as a field in ssl.log. These fingerprints can easily be shared as threat intelligence or used as correlation items for enhanced alerting and analysis. This package also adds JA3 to the Zeek Intel Framework. https://github.com/salesforce/ja3

Joe-Sandbox-Bro

By joesecurity

JoeSandbox-Bro extracts files from your internet connection and analyzes them automatically on Joe Sandbox. Combined with Joe Sandbox's reporting and alerting features you can build a powerful IDS.

json-streaming-logs

By corelight

JSON streaming logs

kyd

By fatemabw

KYD creates DHCP client hashes and logs the fingerprints and associated device information in a separate log file, 'dhcpfp.log'. Unknown fingerprints can easily be queried against the Fingerbanks API using the 'dhcp-unknown.py' script provided in this package. The resulting dhcp-db-extend output file can be appended to the local dhcp-db.bro, and can also be shared with the community using the dhcp-db-FBQ file generated by the Python script. https://github.com/fatemabw/kyd

LetsEncrypt

By initconf

LetsEncrypt

localcountry

By stevesmoot

TODO: A more detailed description of LocalCountry. It can span multiple lines, with this indentation.

log-add-http-post-bodies

By corelight

Add a POST body excerpt into the HTTP log

log-add-vlan-everywhere

By corelight

Add VLAN to all logs.
