Zeek Package Manager: Packages

zeek-macho

This package provides some basic analysis for Mach-o files.

zeek-new-domains

Monitors for new domains being queried for and raises a notice for them

zeek-notice-config

This script enables easy customation of how notice actions are handled. It's built to work with eZeekConfigurator, but that isn't required.

zeek-notice-slack

By pgaulon

Zeek Notices through Slack webhook

zeek-ntp-monlist

By dopheide

This script just replaces the old ntp-monlist script to work with Zeek 3.0.0+

zeek-pdf-analyzer

By reservoirlabs

A PDF file analyzer for Zeek

zeek-plugin-bacnet

By amzn

Plugin that enables parsing of the BACnet standard building controls protocol

zeek-plugin-enip

By amzn

Plugin that enables parsing of the Ethernet/IP and Common Industrial Protocol standards

zeek-plugin-ikev2

By ukncsc

Plugin that enables parsing of the IKEv2 protocol

zeek-plugin-profinet

By amzn

Plugin that enables parsing of the Profinet protocol

zeek-plugin-roca

By 0xxon

Identify certificates potentially affected by CVE-2017-15361

zeek-plugin-s7comm

By amzn

Plugin that enables parsing of the S7 protocol

zeek-plugin-tds

By amzn

Plugin that enables parsing of the Tabular Data Stream (TDS) protocol

zeek-postgresql

By 0xxon

A PostgreSQL reader and writer for Bro.

zeek-print-log-info

By jsiwek

Gathers and prints field descriptions for all Zeek logs. The default output format is CSV files.

zeek-quic

By corelight

Detects the Google QUIC (GQUIC) protocol and adds "gquic" to conn.log's "service" field.

zeek-sniffpass

By cybera

Sniffpass will alert on cleartext passwords discovered in HTTP POST requests

zeek-ssh-interesting-hostnames-with-known

By dopheide

This script replaces the default ssh/interesting-hostnames and reduces the number of asyncrhonous when() calls made by Zeek.

zeek-sumstats-counttable

By 0xxon

Two-dimensional buckets for sumstats (count occurences per $str).

zeek-test-package

By jsiwek

An example Zeek package for testing purposes.