By brimsec
Adds additional fields to the conn.log for the data obtained via Zeek's GeoLocation feature (https://docs.zeek.org/en/current/frameworks/geoip.html).
By salesforce
Protocol analyzer that detects, dissects, fingerprints, and logs GQUIC traffic
By corelight
HASSH is used to identify specific Client and Server SSH implementations. The fingerprints can be stored, searched and shared in the form of an MD5 fingerprint. This package logs components to ssh.log.
By zeek
A test package to verify that your Zeek installation can install packages successfully.
By corelight
v28.0.0 - A Zeek script using Input Framework to get icann_tld, icann_domain, icann_host_subdomain, and is_trusted_domain from a DNS query. The field icann_host_subdomain contains the remaining query nodes after the domain is removed. The is_trusted_domain is populated from a separate Input Framework set.
By sithari
Detects exfiltration of data over ICMP and writes to notice.log with details of the exfiltration such as duration, exfil size, source/dest IP, etc.
By cisagov
BACnet plugin for parsing and logging of the BACnet (building automation and control) protocol - CISA ICSNPP
By cisagov
BSAP over IP plugin for parsing and logging of the BSAP protocol - CISA ICSNPP
By cisagov
Ethernet/IP and CIP plugin for parsing and logging of the Ethernet/IP and CIP protocols - CISA ICSNPP
By cisagov
EtherCAT plugin for parsing and logging of the EtherCAT protocol - CISA ICSNPP
By cisagov
GE-SRTP is a proprietary protocol used for communication between a GE PLC and a GE HMI. The GE-SRTP protocol parser is based on the research paper that can be accessed at https://digitalcommons.newhaven.edu/electricalcomputerengineering-facpubs/70/. Like Modbus, the GE-SRTP protocol can read both discrete and analog inputs.
By cisagov
Genisys is a protocol defined by Union Switch & Signal for communicating with SCADA field devices, commonly used in the railway industry. It is similar in purpose to Modbus. Genisys was designed for use over serial connections, but is commonly transported over TCP as well. The protocol enables one client to communicate with one or more server devices over the same connection. The servers are identified by a one-octet server address. "Genisys" is a trademark of Union Switch & Signal.