Packages

bro-community-id

By corelight

"Community ID" flow hash support in conn.log

bro-drwatson

By corelight

Discover and log information discovered in Microsoft DrWatson messages.

bro-hardware

By corelight

Scripts for cases where hardware device identifiers are discovered.

bro-long-connections

By corelight

Find and log long-lived connections into a "conn_long" log.

bro-quic

By corelight

Detects the Google QUIC (GQUIC) protocol and adds "gquic" to conn.log's "service" field.

bro-shellshock

By corelight

Discover successful ShellShock attacks.

bro-xor-exe-plugin

By corelight

A plugin to find Windows executables that have been XOR encoded.

conn-burst

By corelight

Identify bursty connections (large and fast)

http-stalling-detector

By corelight

Detect HTTP stalling attacks like slowloris.

json-streaming-logs

By corelight

JSON streaming logs

log-add-http-post-bodies

By corelight

Add a POST body excerpt into the HTTP log

log-add-vlan-everywhere

By corelight

Add VLAN to all Bro logs.

osquery-framework

By zeek

Osquery script framework for communicating with osquery endpoints

top-dns

By corelight

Log the top DNS queries being requested.

Page 1 of 1, showing 14 record(s) out of 14 total