By fatemabw
KYD creates DHCP client hashes and logs the fingerprints and associated device information in a separate log file, 'dhcpfp.log'. Unknown fingerprints can easily be queried against the Fingerbank API using the 'dhcp-unknown.py' script provided in this package; the resulting dhcp-db-extend output file can be appended to the local dhcp-db.bro, and can also be shared with the community using the dhcp-db-FBQ file generated by the Python script. https://github.com/fatemabw/kyd
By stevesmoot
TODO: A more detailed description of LocalCountry. It can span multiple lines, with this indentation.
Enables plugins to write fine-grained policy for log filtering, modification, and path customization.
By zeek
This package generates schemas for Zeek's logs. For every log your Zeek installation produces, the schema describes each log field including name, type, docstring, and more. The package supports JSON Schema, CSV, a Zeek log to capture schema information, and a custom JSON representation. It understands Zeek's log customization in detail. The schema export code is extensible, allowing you to produce your own schemas.
By initconf
Suite of SMTP-related policies, including extracting and logging URLs from emails and various SMTP anomaly-detection heuristics to help flag phishing emails.
By theparanoids
The script creates a new log that records the details used to build the fingerprint, along with some additional information. The fingerprint is created by concatenating fields extracted from different data packets. https://github.com/yahoo/rdfp
By amarokinc
Adds ASN and GeoIP data directly to conn.log for the REMOTE side of the connection. The script checks the orig and resp host fields to determine which one is not defined as part of the local IP ranges, and then performs a lookup on that address in the MaxMind ASN and GeoIP databases.
By dw2102
Protocol parser for the Siemens S7Comm and S7CommPlus protocols. Both parsers are based on the ISO-over-TCP protocol. Not all functions are covered by this analyzer, so it may not capture every packet.