By jsiwek
Gathers and prints field descriptions for all Zeek logs. The default output format is CSV files.
By corelight
Detects the Google QUIC (GQUIC) protocol and adds "gquic" to conn.log's "service" field.
By cybera
Sniffpass will alert on cleartext passwords discovered in HTTP POST requests
By dopheide
This script replaces the default ssh/interesting-hostnames and reduces the number of asyncrhonous when() calls made by Zeek.
By 0xxon
"This package generates a file called tls.log. The difference from ssl.log is that it is much more focused on logging all kinds of protocol features. This can be interesting for academic purposes - or if one is just interested in more information about specific features used in local TLS traffic."
By pgaulon
Package extending the Notice Framework to include to send Notices via Slack webhooks.
By corelight
Package that extends the Notice Framework to include `ACTION_TELEGRAM` for sending messages on notices over Telegram using ZeekJS.