remote_asn_geoip_conn

By amarokinc

Adds ASN and GeoIP data directly to conn.log for the REMOTE connection. The script checks the orig and resp host fields to determine which one is not defined as part of the local IP ranges and subsequently performs a lookup on the MaxMind ASN and GeoIP databases.

S7Comm-Analyzer

By dw2102

Protocol parser for the Siemens S7Comm and S7CommPlus protocol. Both parser are based on the Iso-Over-TCP protocol. Not all functions are covered in this analyzer, it may not capture all of the packets.

scan-NG

By initconf

scan detection in 2.x world. Forward porting of bro-1.5.3 scan.bro accompanied with new heuristics and quicker detections

scan-sampling

By jonzeolla

Modified version of scan.bro to add destination IP sampling.

shodan-zeek

By shodan

Get IP address information from the Shodan InternetDB.

sip-attacks

By initconf

sip-attacks

smb2-remote-file-copy

By elcabezzonn

a script that identifies remote file copies over smb2

smbfp

By micrictor

A package to create a fingerprint of SMB clients

smtp-url-analysis

By initconf

Suite of smtp related policies includes extracting and logging URLs from emails and various smtp anomaly detection heuristics to help flag phishing emails

spicy-analyzers

By zeek

spicy-dhcp

By zeek

Spicy-based analyzer for the DHCP protocol.

spicy-dns

By zeek

Spicy-based analyzer for the DNS protocol.

spicy-http

By zeek

Spicy-based analyzer for the HTTP protocol.

spicy-ldap

By zeek

An LDAP analyzer based on Spicy

spicy-nats

By evantypanski

A NATS protocol parser!

spicy-pe

By zeek

Spicy-based analyzer for the Portable Executable (PE) image format

spicy-plugin

By zeek

spicy-png

By zeek

Spicy-based analyzer for the PNG file format.

spicy-redis

By evantypanski

Spicy-based analyzer for Redis

spicy-tftp

By zeek

Spicy-based analyzer for the TFTP protocol.