Packages

log-filters

By hosom

Implement common log filters.

log4j

By initconf

zeek package to identify log4j exploit attempts for CVE-2021-44228

logfilter

By esnet-security

Enables plugins to write fine-grained policy for log filtering, modification, and path customization.

metron-bro-plugin-kafka

By apache

A Bro log writer plugin that sends logging output to Kafka.

my_stats

By corelight

This package dumps stats for troubleshooting.

osquery-framework

By zeek

Osquery script framework for communicating with osquery endpoints

phish-analysis

By initconf

Suite of smtp related policies includes extracting and logging URLs from emails and various smtp anomaly detection heuristics to help flag phishing emails

pingback

By corelight

A Zeek package which detects ICMP ping tunnels created by the Pingback tool

qsentry-zeek

By qintel

Adds Qintel QSentry metadata to intel logs.

rdfp

By theparanoids

The script will create a new log which will log the details which build the fingerprint and some additional information. The fingerprint is created by concatenating extracted fields from different data packets. https://github.com/yahoo/rdfp

RDP-bruteforce

By initconf

rdp-bruteforce

remote_asn_geoip_conn

By amarokinc

Adds ASN and GeoIP data directly to conn.log for the REMOTE connection. The script checks the orig and resp host fields to determine which one is not defined as part of the local IP ranges and subsequently performs a lookup on the MaxMind ASN and GeoIP databases.

S7Comm-Analyzer

By dw2102

Protocol parser for the Siemens S7Comm and S7CommPlus protocol. Both parser are based on the Iso-Over-TCP protocol. Not all functions are covered in this analyzer, it may not capture all of the packets.

scan-NG

By initconf

scan detection in 2.x world. Forward porting of bro-1.5.3 scan.bro accompanied with new heuristics and quicker detections

scan-sampling

By jonzeolla

Modified version of scan.bro to add destination IP sampling.

sflow

By reservoirlabs

sFlow analyzer package

sip-attacks

By initconf

sip-attacks

smb2-remote-file-copy

By elcabezzonn

a script that identifies remote file copies over smb2

smbfp

By micrictor

A package to create a fingerprint of SMB clients

smtp-url-analysis

By initconf

Suite of smtp related policies includes extracting and logging URLs from emails and various smtp anomaly detection heuristics to help flag phishing emails

Page 6 of 11, showing 20 record(s) out of 201 total