Packages

spl-spt

By micrictor

A package that creates a log for sequences of packet lengths and times, allowing for new analytics based on these data features.

top-dns

By corelight

Log the top DNS queries being requested.

zeek-community-id

By corelight

"Community ID" flow hash support in conn.log

zeek-elf

By corelight

This package provides some basic analysis for ELF files.

zeek-globload

By corelight

This plugin adds support for shell-style glob patterns when loading Zeek scripts. For example, saying "@load startup.d/*.zeek" will load any Zeek scripts with a .zeek suffix from the startup.d folder.

zeek-jpeg

By corelight

This package provides some basic analysis for JPEG files.

zeek-long-connections

By corelight

Find and log long-lived connections into a "conn_long" log.

zeek-macho

By corelight

This package provides some basic analysis for Mach-O files.

zeek-notice-telegram

By corelight

Package that extends the Notice Framework to include `ACTION_TELEGRAM` for sending messages on notices over Telegram.

zeek-open-connections

By activecm

Find and log open, long-lived connections into a "conn_long" log.

zeek-openvpn

By corelight

A Zeek OpenVPN Protocol Analyzer

zeek-quic

By corelight

Detects the Google QUIC (GQUIC) protocol and adds "gquic" to conn.log's "service" field.

zeek-xor-exe-plugin

By corelight

A plugin to find Windows executables that have been XOR encoded.

zerologon

By corelight

Detects Zerologon (CVE-2020-1472) attempts and exploits.

ztest

By corelight

A Zeek Unit Testing Framework
