Apple-RDP-net-assistant-DoS

By initconf

udp-3283-DoS

blacklist

By initconf

package to manage blacklisted IP address ysing bro

CVE-2017-5638_struts

By initconf

package to detect CVE-2017-5638 struts attack

CVE-2020-16898

By corelight

A network detection package for CVE-2020-16898 (Windows TCP/IP Remote Code Execution Vulnerability) AKA BadNeighbor

CVE-2020-16898-Bad-Neighbor

By initconf

CVE-2020-16898: Bad Neighbor

detect-kaspersky

By initconf

kaspersky

dns-heuristics

By initconf

ftp-bruteforce

By initconf

ftp-bruteforce

icmp-scans

By initconf

icmp-scans

LetsEncrypt

By initconf

LetsEncrypt

log4j

By initconf

zeek package to identify log4j exploit attempts for CVE-2021-44228

phish-analysis

By initconf

Suite of smtp related policies includes extracting and logging URLs from emails and various smtp anomaly detection heuristics to help flag phishing emails

RDP-bruteforce

By initconf

rdp-bruteforce

scan-NG

By initconf

scan detection in 2.x world. Forward porting of bro-1.5.3 scan.bro accompanied with new heuristics and quicker detections

sip-attacks

By initconf

sip-attacks

smtp-url-analysis

By initconf

Suite of smtp related policies includes extracting and logging URLs from emails and various smtp anomaly detection heuristics to help flag phishing emails

vnc-scanner

By initconf

Simple policy to detect VNC (RFB) scanners based on src->dst connection counts

ws-discovery-dos

By initconf

udp-scan