Packages

icsnpp-genisys

By cisagov

Genisys is a protocol defined by Union Switch & Signal for communicating with SCADA field devices, commonly used in the railway industry. It is similar in purpose to Modbus. Genisys was designed for use over serial connections, but is commonly transported over TCP as well. The protocol enables one client to communicate with one or more server devices over the same connection. The servers are identified by a one-octet server address. "Genisys" is a trademark of Union Switch & Signal.

icsnpp-hart-ip

By cisagov

HART-IP is the IP extension of the Highway Addressable Remote Transducer (HART) protocol. The HART protocol is a hybrid analog+digital industrial automation open protocol. It is currently maintained by the FieldComm Group (https://www.fieldcommgroup.org/).

icsnpp-modbus

By cisagov

Modbus script for detailed logging of the Modbus protocol - CISA ICSNPP

icsnpp-omron-fins

By cisagov

ICSNPP-Omron-FINS is a Spicy based Zeek plugin for parsing and logging fields within the Omron FINS protocol.

icsnpp-opcua-binary

By cisagov

OPC Unified Architecture Binary plugin for parsing and logging of the OPC UA Binary protocol - CISA ICSNPP

icsnpp-profinet-io-cm

By cisagov

Profinet I/O Context Manager uses traditional Ethernet hardware and software to define a network that structures the task of exchanging data, alarms and diagnostics with programmable controllers and other automation controllers

icsnpp-roc-plus

By cisagov

ICSNPP-ROC-Plus is a Spicy based Zeek plugin for parsing and logging fields within the ROC Plus protocol.

icsnpp-s7comm

By cisagov

S7Comm & S7Comm Plus plugin for parsing and logging of the S7Comm, S7Comm Plus and COTP protocols - CISA ICSNPP

icsnpp-synchrophasor

By cisagov

Synchrophasor (as defined in C37.118.2-2011 IEEE Standard for Synchrophasor Data Transfer for Power Systems) defines a simple and direct method of data transmission and accretion within a phasor measurement system.

igmp

By fdekeers

A Spicy-based packet analyzer for the IGMP protocol. Supports IGMPv1, v2 and v3.

indicator-rules

By anthonykasza

An extension to the Intel Framework. This package faciliates the creation of rules which Zeek can monitor for.

intel-expire

By j-gras

Per item expiration for Zeek's intelligence framework.

intel-extensions

By j-gras

Extensions for Zeek's intelligence framework.

intel-limiter

By j-gras

Limiter for Zeek's intelligence framework.

intel-seen-more

By j-gras

Additional seen-triggers for Zeek's intelligence framework.

ja3

By salesforce

JA3 creates 32 character SSL client fingerprints and logs them as a field in ssl.log. These fingerprints can easily be shared as threat intelligence or used as correlation items for enhanced alerting and analysis. This package also adds JA3 to the Zeek Intel Framework. https://github.com/salesforce/ja3

ja4

By foxio

Official Zeek package for JA4+ network fingerprinting.

ja4

By anthonykasza

An implementation of the JA4 standard in a Zeek package.

Joe-Sandbox-Bro

By joesecurity

JoeSandbox-Bro extracts files from your internet connection and analyzes them automatically on Joe Sandbox. Combined with Joe Sandbox's reporting and alerting features you can build a powerful IDS.

json-streaming-logs

By corelight

JSON streaming logs

Page 6 of 14, showing 20 record(s) out of 270 total