Packages
By corelight
"Community ID" flow hash support in conn.log
By corelight
Discover and log information discovered in Microsoft DrWatson messages.
By corelight
Scripts for cases where hardware device identifiers are discovered.
By corelight
Find and log long-lived connections into a "conn_long" log.
By corelight
Detects the Google QUIC (GQUIC) protocol and adds "gquic"
to conn.log's "service" field.
By corelight
Discover successful ShellShock attacks.
By corelight
A plugin to find Windows executables that have been XOR encoded.
By corelight
Identify bursty connections (large and fast)
By salesforce
Protocol analyzer that detects, dissects, fingerprints, and logs GQUIC traffic
By corelight
Detect HTTP stalling attacks like slowloris.
By salesforce
JA3 creates 32 character SSL client fingerprints and logs them as a field in ssl.log. These fingerprints can easily be shared as threat intelligence or used as correlation items for enhanced alerting and analysis. This package also adds JA3 to the Bro Intel Framework.
https://github.com/salesforce/ja3
By corelight
Add a POST body excerpt into the HTTP log
By zeek
Osquery script framework for communicating with osquery endpoints
By corelight
Log the top DNS queries being requested.
Page 1 of 1, showing 16 record(s) out of 16 total