Packages

got_zoom

By corelight

Detect Zoom traffic

GQUIC_Protocol_Analyzer

By salesforce

Protocol analyzer that detects, dissects, fingerprints, and logs GQUIC traffic

hassh

By corelight

HASSH is used to identify specific Client and Server SSH implementations. The fingerprints can be stored, searched and shared in the form of an MD5 fingerprint. This package logs components to ssh.log.

hello-world

By zeek

A test package to verify that your Zeek installation can install packages successfully.

http_csp

By srozb

HTTP Content-Security-Policy report parser

http-header-count

By elcabezzonn

A script that counts the client HTTP headers.

http-stalling-detector

By corelight

Detect HTTP stalling attacks like slowloris.

icannTLD

By corelight

A Zeek script using Input Framework to get icann_tld, icann_domain, icann_host_subdomain, and is_trusted_domain from a DNS query. The field icann_host_subdomain contains the remaining query nodes after the domain is removed. The is_trusted_domain is populated from a separate Input Framework set.

icap

By mitre

Internet Content Adaptation Protocol (ICAP) Analyzer for Bro and Zeek.

icmp-exfil-detection

By sithari

Detects exfiltration of data over ICMP and writes to notice.log with the details of the exfil, like duration, exfil size, source/dest IP, etc.

icmp-scans

By initconf

icmp-scans

icsnpp-bacnet

By cisagov

BACnet plugin for parsing and logging of the BACnet (building automation and control) protocol - CISA ICSNPP

icsnpp-bsap

By cisagov

BSAP over IP plugin for parsing and logging of the BSAP protocol - CISA ICSNPP

icsnpp-dnp3

By cisagov

DNP3 script for detailed logging of the DNP3 protocol - CISA ICSNPP

icsnpp-enip

By cisagov

Ethernet/IP and CIP plugin for parsing and logging of the Ethernet/IP and CIP protocols - CISA ICSNPP

icsnpp-ethercat

By cisagov

EtherCAT plugin for parsing and logging of the EtherCAT protocol - CISA ICSNPP

icsnpp-genisys

By cisagov

Genisys is a protocol defined by Union Switch & Signal for communicating with SCADA field devices, commonly used in the railway industry. It is similar in purpose to Modbus. Genisys was designed for use over serial connections, but is commonly transported over TCP as well. The protocol enables one client to communicate with one or more server devices over the same connection. The servers are identified by a one-octet server address. "Genisys" is a trademark of Union Switch & Signal.

icsnpp-modbus

By cisagov

Modbus script for detailed logging of the Modbus protocol - CISA ICSNPP

icsnpp-opcua-binary

By cisagov

OPC Unified Architecture Binary plugin for parsing and logging of the OPC UA Binary protocol - CISA ICSNPP

icsnpp-profinet-io-cm

By cisagov

Profinet I/O Context Manager uses traditional Ethernet hardware and software to define a network that structures the task of exchanging data, alarms and diagnostics with programmable controllers and other automation controllers.
