Packages
By amzn
Plugin that enables parsing of the Ethernet/IP and Common Industrial Protocol standards
By ukncsc
Plugin that enables parsing of the IKEv2 protocol
By amzn
Plugin that enables parsing of the Profinet protocol
By 0xxon
Identify certificates potentially affected by CVE-2017-15361
By amzn
Plugin that enables parsing of the S7 protocol
By amzn
Plugin that enables parsing of the Tabular Data Stream (TDS) protocol
By 0xxon
A PostgreSQL reader and writer for Zeek.
By jsiwek
Gathers and prints field descriptions for all Zeek logs.
The default output format is CSV files.
By corelight
Detects the Google QUIC (GQUIC) protocol and adds "gquic"
to conn.log's "service" field.
By cybera
Sniffpass will alert on cleartext passwords discovered in HTTP POST requests
By dopheide
This script replaces the default ssh/interesting-hostnames and reduces the number of asyncrhonous when() calls made by Zeek.
By 0xxon
Two-dimensional buckets for sumstats (count occurences per $str).
By jsiwek
An example Zeek package for testing purposes.
By sirinsoftware
This plugin provides Testimony support for Zeek.
By 0xxon
"This package generates a file called tls.log. The difference from ssl.log is that it is much more focused on logging all kinds of protocol features. This can be interesting for academic purposes - or if one is just interested in more information about specific features used in local TLS traffic."
By tenzir
A package that enables Zeek to communicate with VAST
By corelight
A plugin to find Windows executables that have been XOR encoded.
By corelight
Detects Zerologon (CVE-2020-1472) attempts and exploits.
Page 9 of 9, showing 20 record(s) out of 180 total