Packages

bro-drwatson

By corelight

Discover and log information found in Microsoft DrWatson messages.

bro-hardware

By corelight

Scripts for cases where hardware device identifiers are discovered.

bro-shellshock

By corelight

Discover successful ShellShock attacks.

callstranger-detector

By corelight

Detects CallStranger (CVE) Exploitation Attempts

conn-burst

By corelight

Identify bursty connections (large and fast)

CVE-2020-16898

By corelight

A network detection package for CVE-2020-16898 (Windows TCP/IP Remote Code Execution Vulnerability) AKA BadNeighbor

CVE-2020-5902-F5BigIP

By corelight

A network detection package for CVE-2020-5902, a CVE10.0 vulnerability affecting F5 Networks, Inc BIG-IP devices.

CVE-2021-38647

By corelight

A Zeek package which detects CVE-2021-38647 (AKA OMIGOD) exploit attempts

CVE-2021-42292

By corelight

A package to detect CVE-2021-42292, a Microsoft Excel privilege exploit.

cve-2021-44228

By corelight

A Zeek package which raises notices for RCE in Log4J (CVE-2021-44228).

cve-2022-21907

By corelight

A package to detect CVE-2022-21907

cve-2022-22954

By corelight

Detect CVE-2022-22954 attempts and exploits. Also logs what data was returned to the attacker.

CVE-2022-23270-PPTP

By corelight

A package to detect CVE-2022-23270.

CVE-2022-24491

By corelight

A CVE-2022-24491 detector.

CVE-2022-24497

By corelight

A CVE-2022-24497 detector.

cve-2022-26809

By corelight

CVE-2022-26809 is a DCE/RPC RCE exploit. This package detects both attempts and successful exploits.

CVE-2022-26937

By corelight

A Zeek package to detect CVE-2022-26937, a Windows NFS vulnerability.

detect-ransomware-filenames

By corelight

Watch SMB transactions for files whose filename matches patterns known to be used by ransomware

got_zoom

By corelight

Detect Zoom traffic

GQUIC_Protocol_Analyzer

By salesforce

Protocol analyzer that detects, dissects, fingerprints, and logs GQUIC traffic
