By theparanoids
The script will create a new log which will log the details which build the fingerprint and some additional information. The fingerprint is created by concatenating extracted fields from different data packets. https://github.com/yahoo/rdfp
By amarokinc
Adds ASN and GeoIP data directly to conn.log for the REMOTE connection. The script checks the orig and resp host fields to determine which one is not defined as part of the local IP ranges and subsequently performs a lookup on the MaxMind ASN and GeoIP databases.
By dw2102
Protocol parser for the Siemens S7Comm and S7CommPlus protocol. Both parser are based on the Iso-Over-TCP protocol. Not all functions are covered in this analyzer, it may not capture all of the packets.
By initconf
scan detection in 2.x world. Forward porting of bro-1.5.3 scan.bro accompanied with new heuristics and quicker detections
By initconf
Suite of smtp related policies includes extracting and logging URLs from emails and various smtp anomaly detection heuristics to help flag phishing emails
By micrictor
A package that creates a log for sequences of packet lengths and times, allowing for new analytics based on these data features.
By thibaultbl
Implementing coefficient of variation (standard deviation / average), sort of relative standard deviation.