Packages

ja3

By salesforce

JA3 creates 32-character SSL client fingerprints and logs them as a field in ssl.log. These fingerprints can easily be shared as threat intelligence or used as correlation items for enhanced alerting and analysis. This package also adds JA3 to the Zeek Intel Framework. https://github.com/salesforce/ja3

Joe-Sandbox-Bro

By joesecurity

JoeSandbox-Bro extracts files from your internet connection and analyzes them automatically on Joe Sandbox. Combined with Joe Sandbox's reporting and alerting features, you can build a powerful IDS.

json-streaming-logs

By corelight

JSON streaming logs

kyd

By fatemabw

KYD creates DHCP client hashes and logs the fingerprints and associated device information in a separate log file, 'dhcpfp.log'. Unknown fingerprints can easily be queried against the Fingerbank API using the 'dhcp-unknown.py' script provided in this package; the resulting dhcp-db-extend output file can be appended to the local dhcp-db.bro, and can also be shared with the community using the dhcp-db-FBQ file generated by the Python script. https://github.com/fatemabw/kyd

LetsEncrypt

By initconf

LetsEncrypt

localcountry

By stevesmoot

TODO: A more detailed description of LocalCountry. It can span multiple lines, with this indentation.

log-add-http-post-bodies

By corelight

Add a POST body excerpt into the HTTP log

log-add-vlan-everywhere

By corelight

Add VLAN to all logs.

log-filters

By hosom

Implement common log filters.

log4j

By initconf

Zeek package to identify log4j exploit attempts for CVE-2021-44228

logfilter

By esnet-security

Enables plugins to write fine-grained policy for log filtering, modification, and path customization.

mdns

By fdekeers

Multicast DNS (mDNS) package for Zeek

metron-bro-plugin-kafka

By apache

A Bro log writer plugin that sends logging output to Kafka.

my_stats

By corelight

This package dumps stats for troubleshooting.

osquery-framework

By zeek

Osquery script framework for communicating with osquery endpoints

phish-analysis

By initconf

Suite of SMTP-related policies that includes extracting and logging URLs from emails, plus various SMTP anomaly-detection heuristics to help flag phishing emails

pingback

By corelight

A Zeek package which detects ICMP ping tunnels created by the Pingback tool

qsentry-zeek

By qintel

Adds Qintel QSentry metadata to intel logs.

rdfp

By theparanoids

The script creates a new log that records the details used to build the fingerprint, along with some additional information. The fingerprint is created by concatenating fields extracted from different data packets. https://github.com/yahoo/rdfp

RDP-bruteforce

By initconf

rdp-bruteforce

Page 6 of 11, showing 20 record(s) out of 207 total