scan-NG

By initconf

scan detection in 2.x world. Forward porting of bro-1.5.3 scan.bro accompanied with new heuristics and quicker detections

scan-sampling

By jonzeolla

Modified version of scan.bro to add destination IP sampling.

shodan-zeek

By shodan

Get IP address information from the Shodan InternetDB.

sip-attacks

By initconf

sip-attacks

smb2-remote-file-copy

By elcabezzonn

a script that identifies remote file copies over smb2

smbfp

By micrictor

A package to create a fingerprint of SMB clients

smtp-url-analysis

By initconf

Suite of smtp related policies includes extracting and logging URLs from emails and various smtp anomaly detection heuristics to help flag phishing emails

spicy-analyzers

By zeek

spicy-dhcp

By zeek

Spicy-based analyzer for the DHCP protocol.

spicy-dns

By zeek

Spicy-based analyzer for the DNS protocol.

spicy-http

By zeek

Spicy-based analyzer for the HTTP protocol.

spicy-ldap

By zeek

An LDAP analyzer based on Spicy

spicy-pe

By zeek

Spicy-based analyzer for the Portable Executable (PE) image format

spicy-plugin

By zeek

spicy-png

By zeek

Spicy-based analyzer for the PNG file format.

spicy-redis

By evantypanski

Spicy-based analyzer for Redis

spicy-tftp

By zeek

Spicy-based analyzer for the TFTP protocol.

spicy-zip

By zeek

Spicy-based analyzer for the ZIP file format.

spl-spt

By micrictor

A package that creates a log for sequences of packet lengths and times, allowing for new analytics based on these data features.

ssl-extensions

By anthonykasza

A proof-of-concept demonstrating scriptland parsing and event routing for all SSL extensions