Packages

ACID

By cisagov

ATT&CK-based Control-system Indicator Detection (ACID) is a collection of Zeek scripts designed to detect ATT&CK for ICS behaviors on OT protocols. These events are reported through the Zeek Notice framework.

bro-http2

By mitrecnd

An HTTP2 protocol analyzer for the Zeek NSM.

bzar

By mitre-attack

BZAR - Bro/Zeek ATT&CK-based Analytics and Reporting.

CVE-2021-42292

By corelight

A package to detect CVE-2021-42292, a Microsoft Excel privilege exploit.

cve-2021-44228

By corelight

A Zeek package which raises notices for RCE in Log4J (CVE-2021-44228).

cve-2022-21907

By corelight

A package to detect CVE-2022-21907.

CVE-2022-24491

By corelight

A CVE-2022-24491 detector.

CVE-2022-24497

By corelight

A CVE-2022-24497 detector.

icap

By mitre

Internet Content Adaptation Protocol (ICAP) Analyzer for Bro and Zeek.

icmp-exfil-detection

By sithari

Detects exfiltration of data over ICMP and writes the details of the exfil (duration, exfil size, source/dest IP, etc.) to notice.log.
