Packages

hello-world

By zeek

A test package to verify that your Zeek installation can install packages successfully.

http_csp

By srozb

HTTP Content-Security-Policy report parser

http-header-count

By elcabezzonn

a script that counts the client http headers.

http-stalling-detector

By corelight

Detect HTTP stalling attacks like slowloris.

icannTLD

By corelight

A Zeek script using Input Framework to get icann_tld, icann_domain, icann_host_subdomain, and is_trusted_domain from a DNS query. The field icann_host_subdomain contains the remaining query nodes after the domain is removed. The is_trusted_domain is populated from a separate Input Framework set.

icap

By mitre

Internet Content Adaptation Protocol (ICAP) Analyzer for Bro and Zeek.

icmp-exfil-detection

By sithari

Detects exfiltration of data over ICMP and writes to notice.log with the details of the exfil like duration, exfil size, source/dest ip, etc.

icmp-scans

By initconf

icmp-scans

icsnpp-bacnet

By cisagov

BACnet plugin for parsing and logging of the BACnet (building automation and control) protocol - CISA ICSNPP

icsnpp-bsap

By cisagov

BSAP over IP plugin for parsing and logging of the BSAP protocol - CISA ICSNPP

icsnpp-dnp3

By cisagov

DNP3 script for detailed logging of the DNP3 protocol - CISA ICSNPP

icsnpp-enip

By cisagov

Ethernet/IP and CIP plugin for parsing and logging of the Ethernet/IP and CIP protocols - CISA ICSNPP

icsnpp-ethercat

By cisagov

Ethercat plugin for parsing and logging of the Ethercat protocol - CISA ICSNPP

icsnpp-genisys

By cisagov

Genisys is a protocol defined by Union Switch & Signal for communicating with SCADA field devices, commonly used in the railway industry. It is similar in purpose to Modbus. Genisys was designed for use over serial connections, but is commonly transported over TCP as well. The protocol enables one client to communicate with one or more server devices over the same connection. The servers are identified by a one-octet server address. "Genisys" is a trademark of Union Switch & Signal.

icsnpp-modbus

By cisagov

Modbus script for detailed logging of the Modbus protocol - CISA ICSNPP

icsnpp-opcua-binary

By cisagov

OPC Unified Architecture Binary plugin for parsing and logging of the OPC UA Binary protocol - CISA ICSNPP

icsnpp-s7comm

By cisagov

S7Comm & S7Comm Plus plugin for parsing and logging of the S7Comm, S7Comm Plus and COTP protocols - CISA ICSNPP

icsnpp-synchrophasor

By cisagov

Synchrophasor (as defined in C37.118.2-2011 IEEE Standard for Synchrophasor Data Transfer for Power Systems) defines a simple and direct method of data transmission and accretion within a phasor measurement system.

igmp

By fdekeers

A Spicy-based packet analyzer for the IGMP protocol. Supports IGMPv1, v2 and v3.

indicator-rules

By anthonykasza

An extension to the Intel Framework. This package faciliates the creation of rules which Zeek can monitor for.

Page 5 of 12, showing 20 record(s) out of 222 total