Packages

venom

By dopheide

Attempts to detect an attacker calling to the VENOM Linux Rootkit https://security.web.cern.ch/security/venom.shtml

vnc-scanner

By initconf

Simple policy to detect VNC (RFB) scanners based on src->dst connection counts

zeek-known-hosts-with-dns

By dopheide

This script expands the base known-hosts policy to include reverse DNS queries and syncs it across all workers.

zeek-ntp-monlist

By dopheide

This script just replaces the old ntp-monlist script to work with Zeek 3.0.0+

zeek-plugin-roca

By 0xxon

Identify certificates potentially affected by CVE-2017-15361

zeek-postgresql

By 0xxon

A PostgreSQL reader and writer for Bro.

zeek-sniffpass

By cybera

Sniffpass will alert on cleartext passwords discovered in HTTP POST requests

zeek-ssh-interesting-hostnames-with-known

By dopheide

This script replaces the default ssh/interesting-hostnames and reduces the number of asynchronous when() calls made by Zeek.

zeek-sumstats-counttable

By 0xxon

Two-dimensional buckets for sumstats (count occurrences per $str).
