By corelight
A network detection package for CVE-2020-16898 (Windows TCP/IP Remote Code Execution Vulnerability) AKA BadNeighbor
By corelight
A network detection package for CVE-2020-5902, a CVE10.0 vulnerability affecting F5 Networks, Inc BIG-IP devices.
By corelight
A Zeek package which detects CVE-2021-38647 (AKA OMIGOD) exploit attempts
By corelight
A package to detect CVE-2021-42292, a Microsoft Excel priviledge exploit.
By corelight
Watch SMB transactions for files whose filename matches patterns known to be used by ransomware
By salesforce
Protocol analyzer that detects, dissects, fingerprints, and logs GQUIC traffic
By corelight
A Zeek script using Input Framework to get icann_tld, icann_domain, icann_host_subdomain, and is_trusted_domain from a DNS query. The field icann_host_subdomain contains the remaining query nodes after the domain is removed. The is_trusted_domain is populated from a separate Input Framework set.
By salesforce
JA3 creates 32 character SSL client fingerprints and logs them as a field in ssl.log. These fingerprints can easily be shared as threat intelligence or used as correlation items for enhanced alerting and analysis. This package also adds JA3 to the Zeek Intel Framework. https://github.com/salesforce/ja3