Monitors for new domains being queried for and raises a notice for them
This script enables easy customation of how notice actions are handled. It's built to work with eZeekConfigurator, but that isn't required.
This script just replaces the old ntp-monlist script to work with Zeek 3.0.0+
Plugin that enables parsing of the BACnet standard building controls protocol
Plugin that enables parsing of the Ethernet/IP and Common Industrial Protocol standards
Gathers and prints field descriptions for all Zeek logs. The default output format is CSV files.
Detects the Google QUIC (GQUIC) protocol and adds "gquic" to conn.log's "service" field.
Sniffpass will alert on cleartext passwords discovered in HTTP POST requests
This script replaces the default ssh/interesting-hostnames and reduces the number of asyncrhonous when() calls made by Zeek.