Packages
By theflakes
Raise notices on outgoing files over X bytes in size.
Also raise notices for multiple large outgoing Tx's in Y time frame.
By j-gras
This plugin provides liblognorm integration for Zeek.
By sethhall
Packet source plugin that provides native Myricom SNF v3+v4 support.
By hosom
Packet source plugin that provides native support for NTAPI
By hosom
Add OUI lookup to Bro.
By ntop
Packet source plugin that provides native PF_RING support.
By dopheide
Attempt to identify QUIC protocol
By corelight
Discover successful ShellShock attacks.
By ncsa
Simple, high performance tcp scan detection
By salesforce
Zeek-Sysmon contains a python script that will read in a file, parse JSON Windows Event Logs, generate Zeek events, and forward them to Zeek. Default Zeek-Sysmon scripts log output to files.
By irtimmer
This plugin provides native AF_XDP support for Bro.
By ncsa
ZeroMQ log writer.
By mitre-attack
BZAR - Bro/Zeek ATT&CK-based Analytics and Reporting.
By corelight
Identify bursty connections (large and fast)
By sethhall
Detect credit card numbers in HTTP and SMTP with Bro.
By 0xxon
"Test script for CVE-2020-0601. Binary package, requires OpenSSL 1.1.x"
By corelight
A package to detect CVE-2021-42292, a Microsoft Excel privilege exploit.