Attempts to detect an attacker calling to the VENOM Linux Rootkit (https://security.web.cern.ch/security/venom.shtml)
Simple policy to detect VNC (RFB) scanners based on src->dst connection counts
This script expands the base known-hosts policy to include reverse DNS queries and syncs it across all workers.
This script just replaces the old ntp-monlist script to work with Zeek 3.0.0+
Sniffpass will alert on cleartext passwords discovered in HTTP POST requests
This script replaces the default ssh/interesting-hostnames and reduces the number of asynchronous when() calls made by Zeek.