By brimsec
Adds additional fields to the conn.log for the data obtained via Zeek's GeoLocation feature (https://docs.zeek.org/en/current/frameworks/geoip.html).
By salesforce
Protocol analyzer that detects, dissects, fingerprints, and logs GQUIC traffic
By corelight
HASSH is used to identify specific client and server SSH implementations. The fingerprints can be stored, searched and shared in the form of an MD5 fingerprint. This package logs the HASSH components to ssh.log.
By zeek
A test package to verify that your Zeek installation can install packages successfully.
By corelight
v28.0.0 - A Zeek script using the Input Framework to get icann_tld, icann_domain, icann_host_subdomain, and is_trusted_domain from a DNS query. The field icann_host_subdomain contains the remaining query nodes after the domain is removed. The is_trusted_domain field is populated from a separate Input Framework set.
By sithari
Detects exfiltration of data over ICMP and writes the details of the exfil (duration, exfil size, source/destination IP, etc.) to notice.log.
By cisagov
BACnet plugin for parsing and logging of the BACnet (building automation and control) protocol - CISA ICSNPP
By cisagov
BSAP over IP plugin for parsing and logging of the BSAP protocol - CISA ICSNPP
By cisagov
ANSI C12.22/IEEE Std 1703 describe a protocol for transporting ANSI C12.19 table data over networks, for the purpose of interoperability among communications modules and meters.
By cisagov
Ethernet/IP and CIP plugin for parsing and logging of the Ethernet/IP and CIP protocols - CISA ICSNPP
By cisagov
Ethercat plugin for parsing and logging of the Ethercat protocol - CISA ICSNPP
By cisagov
GE-SRTP is a proprietary protocol used for communication between a GE PLC and a GE HMI. The GE-SRTP protocol parser is based on the research paper that can be accessed at https://digitalcommons.newhaven.edu/electricalcomputerengineering-facpubs/70/. Like Modbus, the GE-SRTP protocol can read both discrete and analog inputs.