Packages

zeek-package-detect-DoH

By stratosphereips

Detect DoH servers by adding an is_DoH field in ssl.log and add a timeout to them so that the DoH connection won't take too long

zeek-package-IRC

By stratosphereips

Zeek Package that extracts features of IRC communication

zeek-package-log-gateway-IP

By stratosphereips

This script gets the gateway IP information taken from the dhcp logs, and adds a notice.log entry if the gateway address is identified

zeek-parser-CIFS-COM

By nttcom

TODO: A more detailed description of test. It can span multiple lines, with this indentation.

zeek-plugin-bacnet

By amzn

Plugin that enables parsing of the BACnet standard building controls protocol

zeek-plugin-enip

By amzn

Plugin that enables parsing of the Ethernet/IP and Common Industrial Protocol standards

zeek-plugin-ikev2

By ukncsc

Plugin that enables parsing of the IKEv2 protocol

zeek-plugin-roca

By 0xxon

Identify certificates potentially affected by CVE-2017-15361

zeek-plugin-s7comm

By amzn

Plugin that enables parsing of the S7 protocol

zeek-postgresql

By 0xxon

A PostgreSQL reader and writer for Zeek.

zeek-quic

By corelight

Detects the Google QUIC (GQUIC) protocol and adds "gquic" to conn.log's "service" field.

zeek-sniffpass

By cybera

Sniffpass will alert on cleartext passwords discovered in HTTP POST requests

zeek-spicy-ospf

By corelight

A Zeek OSPF packet analyzer, based on Spicy.

zeek-ssh-interesting-hostnames-with-known

By dopheide

This script replaces the default ssh/interesting-hostnames and reduces the number of asynchronous when() calls made by Zeek.

zeek-sumstats-counttable

By 0xxon

Two-dimensional buckets for sumstats (count occurrences per $str).

zeek-test-package

By jsiwek

An example Zeek package for testing purposes.

zeek-xor-exe-plugin

By corelight

A plugin to find Windows executables that have been XOR encoded.

ztest

By corelight

A Zeek Unit Testing Framework
