top-dns

By corelight

Log the top DNS queries being requested.

uap-bro

By vitalyrepin

User Agent Parser - Bro implementation based on uap-core

unknown-mime-type-discovery

By sethhall

Help Zeek by finding unidentified file types.

variation_coefficient

By thibaultbl

Implementing coefficient of variation (standard deviation / average), sort of relative standard deviation.

venom

By dopheide

Attempts to detect an attacker calling to the VENOM Linux Rootkit https://security.web.cern.ch/security/venom.shtml

vnc-scanner

By initconf

Simple policy to detect VNC (RFB) scanners based on src->dst connection counts

wildcard-domain

By jbaggs

This script adds a new Intel::WILDCARD_DOMAIN type that matches on the base domain name, regardless of what subdomain may be prepended to it.

ws-discovery-dos

By initconf

udp-scan

zeek_metainfo

By stevesmoot

Create schemas in many forms for local Zeek installation/configuration. JSON, markup text, Avro, html so far.

zeek_perfsonar_owamp

By esnet

zeek_scram

By esnet-security

Zeek script for interacting with the SCRAM client

zeek-af_packet-plugin

By zeek

This plugin provides native AF_Packet support for Zeek.

zeek-agent-v2

By zeek-packages

zeek-agenttesla-detector

By corelight

An AgentTesla malware C2 detector.

zeek-amadey-detector

By keithjjones

A Zeek based Amadey malware detector.

zeek-asyncrat-detector

By corelight

An AsyncRAT malware detector.

zeek-bogon

By captainGeech42

Label bogon IPs in conn.log

zeek-capwap

By AmazingPP

zeek-community-id

By corelight

"Community ID" flow hash support in conn.log

zeek-conn-footprint

By awelzel

Regularly log footprints of long running connections.