zeek-long-connections

By corelight

Find and log long-lived connections into a "conn_long" log.

zeek-mac-ages

By tenzir

zeek-macho

By corelight

This package provides some basic analysis for Mach-o files.

zeek-netmap

By zeek

Packet source plugin that provides native Netmap support.

zeek-new-domains

By rvictory

Monitors for new domains being queried for and raises a notice for them

zeek-notice-config

By dopheide

This script enables easy customation of how notice actions are handled. It's built to work with eZeekConfigurator, but that isn't required.

zeek-notice-slack

By pgaulon

Zeek Notices through Slack webhook

zeek-notice-telegram

By corelight

Package that extends the Notice Framework to include `ACTION_TELEGRAM` for sending messages on notices over Telegram.

zeek-ntp-monlist

By dopheide

This script just replaces the old ntp-monlist script to work with Zeek 3.0.0+

zeek-open-connections

By activecm

Find and log open, long-lived connections into a "conn_long" log.

zeek-openvpn

By corelight

A Zeek OpenVPN Protocol Analyzer

zeek-pdf-analyzer

By reservoirlabs

A PDF file analyzer for Zeek

zeek-plugin-bacnet

By amzn

Plugin that enables parsing of the BACnet standard building controls protocol

zeek-plugin-enip

By amzn

Plugin that enables parsing of the Ethernet/IP and Common Industrial Protocol standards

zeek-plugin-ikev2

By ukncsc

Plugin that enables parsing of the IKEv2 protocol

zeek-plugin-profinet

By amzn

Plugin that enables parsing of the Profinet protocol

zeek-plugin-roca

By 0xxon

Identify certificates potentially affected by CVE-2017-15361

zeek-plugin-s7comm

By amzn

Plugin that enables parsing of the S7 protocol

zeek-plugin-tds

By amzn

Plugin that enables parsing of the Tabular Data Stream (TDS) protocol

zeek-postgresql

By 0xxon

A PostgreSQL reader and writer for Zeek.