Packages

anomalous-dns

By jbaggs

A module for tracking and correlating abnormal DNS behavior. Detection of tunneling and C&C through connection duration and volume, request and answer size, DNS request type, and unique queries per domain. Statistical classification of fast flux networks based on A records and ASNs.

appid

By stevesmoot

Leverage nDPI and other info to make an informed guess at the application for a connection.

bro-myricom

By sethhall

Packet source plugin that provides native Myricom SNF v3+v4 support.

credit-card-exposure

By sethhall

Detect credit card numbers in HTTP and SMTP with Bro.

domain-tld

By sethhall

A library for getting the "effective tld" of a domain name.

intel-seen-more

By j-gras

Additional seen-triggers for Zeek's intelligence framework.

ssn-exposure

By sethhall

Detect US Social Security numbers in HTTP and SMTP with Bro.

top-dns

By corelight

Log the top DNS queries being requested.

unknown-mime-type-discovery

By sethhall

Help Zeek by finding unidentified file types.

zeek-log-all-http-headers

By sethhall

Add all HTTP headers and values to the HTTP log.

zeek-new-domains

By rvictory

Monitors for new domains being queried and raises a notice for them.
