Tag and group devices based on a LAN's structure
Adds cluster node's interface to logs.
Additional JSON-logging for Bro.
Adds cluster node name to logs.
A module for tracking and correlating abnormal DNS behavior. Detection of tunneling and C&C through connection duration and volume, request and answer size, DNS request type, and unique queries per domain.
package to manage blacklisted IP address ysing bro
Adds support for multi-notice correlation. For more information, see http://blog.samoehlert.com/correlating-bro-notices or the talk from BroCon 2016.
This plugin provides native AF_Packet support for Zeek.
"Community ID" flow hash support in conn.log
Packet source plugin that provides native support for Endace DAG capture cards.
A broctl plugin that helps you troubleshoot common problems
For cluster-related checks, the package "add-node-names" is recommended.
Discover and log information discovered in Microsoft DrWatson messages.
This plugin provides fuzzy hashing for Bro.
Scripts for cases where hardware device identifiers are discovered.
A HTTP2 protocol analyzer for the Bro IDS.
A broctl plugin that helps you setup capture interfaces
Find different type of OSes and AV software in your network traffic.
This plugin adds a Site::is_darknet function.
This is useful for scripts that track scan attempts or other probes.
It can handle purely dark address space as well as honeynet space.
Page 1 of 7, showing 20 record(s) out of 125 total