Packages

icsnpp-profinet-io-cm

By cisagov

Profinet I/O Context Manager uses traditional Ethernet hardware and software to define a network that structures the task of exchanging data, alarms and diagnostics with programmable controllers and other automation controllers.

indicator-rules

By anthonykasza

An extension to the Intel Framework. This package facilitates the creation of rules which Zeek can monitor for.

intel-extensions

By j-gras

Extensions for Zeek's intelligence framework.

intel-limiter

By j-gras

Limiter for Zeek's intelligence framework.

intel-seen-more

By j-gras

Additional seen-triggers for Zeek's intelligence framework.

ja3

By salesforce

JA3 creates 32 character SSL client fingerprints and logs them as a field in ssl.log. These fingerprints can easily be shared as threat intelligence or used as correlation items for enhanced alerting and analysis. This package also adds JA3 to the Zeek Intel Framework. https://github.com/salesforce/ja3

ja4

By foxio

Official Zeek package for JA4+ network fingerprinting.

Joe-Sandbox-Bro

By joesecurity

JoeSandbox-Bro extracts files from your internet connection and analyzes them automatically on Joe Sandbox. Combined with Joe Sandbox's reporting and alerting features you can build a powerful IDS.

kyd

By fatemabw

KYD creates DHCP client hashes and logs the fingerprints and associated device information in a separate log file, 'dhcpfp.log'. Unknown fingerprints can easily be queried against the Fingerbank API using the 'dhcp-unknown.py' script provided in this package; the resulting dhcp-db-extend output file can be appended to the local dhcp-db.bro, and can also be shared with the community using the dhcp-db-FBQ file generated by the Python script. https://github.com/fatemabw/kyd

log-add-http-post-bodies

By corelight

Add a POST body excerpt into the HTTP log.

log-filters

By hosom

Implement common log filters.

metron-bro-plugin-kafka

By apache

A Bro log writer plugin that sends logging output to Kafka.

phish-analysis

By initconf

Suite of SMTP-related policies, including extracting and logging URLs from emails and various SMTP anomaly detection heuristics to help flag phishing emails.

rdfp

By theparanoids

The script will create a new log which will log the details which build the fingerprint and some additional information. The fingerprint is created by concatenating extracted fields from different data packets. https://github.com/yahoo/rdfp

RDP-bruteforce

By initconf

rdp-bruteforce

S7Comm-Analyzer

By dw2102

Protocol parser for the Siemens S7Comm and S7CommPlus protocols. Both parsers are based on the ISO-over-TCP protocol. Not all functions are covered in this analyzer; it may not capture all of the packets.

scan-NG

By initconf

Scan detection in the 2.x world. Forward porting of the bro-1.5.3 scan.bro, accompanied by new heuristics and quicker detections.

scan-sampling

By jonzeolla

Modified version of scan.bro to add destination IP sampling.

smtp-url-analysis

By initconf

Suite of SMTP-related policies, including extracting and logging URLs from emails and various SMTP anomaly detection heuristics to help flag phishing emails.

ssn-exposure

By sethhall

Detect US Social Security numbers in HTTP and SMTP with Bro.

Page 4 of 6, showing 20 record(s) out of 118 total