Packages

zeek-exporter

By esnet

Prometheus exporter for Zeek performance data

zeek-globload

By corelight

This plugin adds support for shell-style glob patterns when loading Zeek scripts. For example, saying "@load startup.d/*.zeek" will load any Zeek scripts with a .zeek suffix from the startup.d folder.

zeek-httpattacks

By precurse

Checks for HTTP anomalies typically used for attacking.

zeek-intel-path

By captainGeech42

Extend Intel framework to alert on URL paths

zeek-jemalloc-profiling

By justinazoff

A broctl plugin that enables jemalloc profiling

zeek-jetdirect

By dopheide

Detect exploit attempt of HP JetDirect printers

zeek-jpeg

By corelight

This package provides some basic analysis for JPEG files.

zeek-kafka

By seisollc

A Zeek log writer plugin that publishes to Kafka.

zeek-known-hosts-with-dns

By dopheide

This script expands the base known-hosts policy to include reverse DNS queries and syncs it across all workers.

zeek-known-outbound

By dopheide

This script provides the ability to monitor and throw notices for outbound connections to a list of watched countries. It also adds orig and resp country codes to conn.log. It depends on having libmaxmind configured for GeoIP lookups.

Zeek-Known-Services-With-OrigFlag

By esnet-security

This script expands the base known-services policy to include is_local_orig flag to indicate if the service was discovered from non-local nets (is_local_orig =F) or from local nets (is_local_orig=T).

zeek-log-all-http-headers

By sethhall

Add all HTTP headers and values to the HTTP log.

zeek-long-connections

By corelight

Find and log long-lived connections into a "conn_long" log.

zeek-mac-ages

By tenzir

zeek-macho

By corelight

This package provides some basic analysis for Mach-o files.

zeek-netmap

By zeek

Packet source plugin that provides native Netmap support.

zeek-network-statistics

By 0xxon

Perform regular network measurements and report results.

zeek-new-domains

By rvictory

Monitors for new domains being queried for and raises a notice for them

zeek-notice-config

By dopheide

This script enables easy customation of how notice actions are handled. It's built to work with eZeekConfigurator, but that isn't required.

zeek-notice-slack

By pgaulon

Zeek Notices through Slack webhook

Page 9 of 11, showing 20 record(s) out of 212 total