zeek-exporter

By esnet

Prometheus exporter for Zeek performance data

zeek-httpattacks

By precurse

Checks for HTTP anomalies typically used for attacking.

zeek-jemalloc-profiling

By justinazoff

A broctl plugin that enables jemalloc profiling

zeek-jpeg

By corelight

This package provides some basic analysis for JPEG files.

zeek-known-hosts-with-dns

By dopheide

This script expands the base known-hosts policy to include reverse DNS queries and syncs it across all workers.

zeek-mac-ages

By tenzir

zeek-macho

By corelight

This package provides some basic analysis for Mach-o files.

zeek-notice-config

By dopheide

This script enables easy customation of how notice actions are handled. It's built to work with eZeekConfigurator, but that isn't required.

zeek-notice-slack

By pgaulon

Bro Notices through Slack webhook

zeek-ntp-monlist

By dopheide

This script just replaces the old ntp-monlist script to work with Zeek 3.0.0+

zeek-plugin-bacnet

By amzn

Plugin that enables parsing of the BACnet standard building controls protocol

zeek-plugin-enip

By amzn

Plugin that enables parsing of the Ethernet/IP and Common Industrial Protocol standards

zeek-plugin-ikev2

By ukncsc

Plugin that enables parsing of the IKEv2 protocol

zeek-plugin-profinet

By amzn

Plugin that enables parsing of the Profinet protocol

zeek-plugin-roca

By 0xxon

Identify certificates potentially affected by CVE-2017-15361

zeek-plugin-s7comm

By amzn

Plugin that enables parsing of the S7 protocol

zeek-plugin-tds

By amzn

Plugin that enables parsing of the Tabular Data Stream (TDS) protocol

zeek-postgresql

By 0xxon

A PostgreSQL reader and writer for Bro.

zeek-print-log-info

By jsiwek

Gathers and prints field descriptions for all Zeek logs. The default output format is CSV files.

zeek-sniffpass

By cybera

Sniffpass will alert on cleartext passwords discovered in HTTP POST requests