By fatemabw
Find different type of OSes and AV software in your network traffic.
By corelight
A package to detect CVE-2021-42292, a Microsoft Excel priviledge exploit.
By corelight
Watch SMB transactions for files whose filename matches patterns known to be used by ransomware
By dovehawk
MISP+Zeek. Dovehawk is a Zeek Module to import MISP indicators to the Intel Framework and Signature Framework automatically. Reports sightings directly back to MISP as they happen. Supports Zeek Clusters.
By corelight
HASSH is used to identify specific Client and Server SSH implementations. The fingerprints can be stored, searched and shared in the form of an MD5 fingerprint. This package logs components to ssh.log
By cisagov
OPC Unified Architecture Binary plugin for parsing and logging of the OPC UA Binary protocol - CISA ICSNPP
By cisagov
Profinet I/O Context Manager uses traditional Ethernet hardware and software to define a network that structures the task of exchanging data, alarms and diagnostics with programmable controllers and other automation controllers
By cisagov
Synchrophasor (as defined in C37.118.2-2011 IEEE Standard for Synchrophasor Data Transfer for Power Systems) defines a simple and direct method of data transmission and accretion within a phasor measurement system.
By salesforce
JA3 creates 32 character SSL client fingerprints and logs them as a field in ssl.log. These fingerprints can easily be shared as threat intelligence or used as correlation items for enhanced alerting and analysis. This package also adds JA3 to the Zeek Intel Framework. https://github.com/salesforce/ja3
By joesecurity
JoeSandbox-Bro extracts files from your internet connection and analyzes them automatically on Joe Sandbox. Combined with Joe Sandbox's reporting and alerting features you can build a powerful IDS.
By endace
Packet source plugin that provides native support for Endace DAG card and EndaceProbe Application Dock packet capture.
Page 1 of 2, showing 20 record(s) out of 23 total