spicy-dhcp

By zeek

Spicy-based analyzer for the DHCP protocol.

spicy-dns

By zeek

Spicy-based analyzer for the DNS protocol.

spicy-http

By zeek

Spicy-based analyzer for the HTTP protocol.

spicy-ldap

By zeek

An LDAP analyzer based on Spicy

spicy-pe

By zeek

Spicy-based analyzer for the Portable Executable (PE) image format

spicy-plugin

By zeek

spicy-png

By zeek

Spicy-based analyzer for the PNG file format.

spicy-tftp

By zeek

Spicy-based analyzer for the TFTP protocol.

spicy-zip

By zeek

Spicy-based analyzer for the ZIP file format.

spl-spt

By micrictor

A package that creates a log for sequences of packet lengths and times, allowing for new analytics based on these data features.

ssn-exposure

By sethhall

Detect US Social Security numbers in HTTP and SMTP with Bro.

suppress-ssl-notices

By chrisanag1985

A Module that tries to minimize the noise from the SSL::Invalid_Server_Cert notices.

tcprs

By jswaro

TCP Retransmission and State Analyzer plugin for Bro.

top-dns

By corelight

Log the top DNS queries being requested.

uap-bro

By vitalyrepin

User Agent Parser - Bro implementation based on uap-core

unknown-mime-type-discovery

By sethhall

Help Zeek by finding unidentified file types.

variation_coefficient

By thibaultbl

Implementing coefficient of variation (standard deviation / average), sort of relative standard deviation.

venom

By dopheide

Attempts to detect an attacker calling to the VENOM Linux Rootkit https://security.web.cern.ch/security/venom.shtml

vnc-scanner

By initconf

Simple policy to detect VNC (RFB) scanners based on src->dst connection counts

wildcard-domain

By jbaggs

This script adds a new Intel::WILDCARD_DOMAIN type that matches on the base domain name, regardless of what subdomain may be prepended to it.