Zeek Package Manager: Packages

Packages

2024-09-cups-linux-rce

aaalm

Tag and group devices based on a LAN's structure

ACID

ATT&CK-based Control-system Indicator Detection (ACID) is a collection of Zeek scripts designed to detect ATT&CK for ICS behaviors on OT protocols. These events are reported through the Zeek Notice framework.

add-interfaces

Adds cluster node's interface to logs.

add-json

Additional JSON-logging for Zeek.

add-node-names

Adds cluster node name to logs.

anomalous-dns

A module for tracking and correlating abnormal DNS behavior. Detection of tunneling and C&C through connection duration and volume, request and answer size, DNS request type, and unique queries per domain. Statistical classification of fast flux networks based on A records and ASNs.

appid

Leverage nDPI and other info to make informed guess at the application for a connection.

Apple-RDP-net-assistant-DoS

udp-3283-DoS

bad-asn

Adds ASN reputation data of external IP addresses to notice.log if the ASN crosses a predetermined threshold as defined by circl.lu

BinaryHeap

Binary Heap Implementation

blacklist

package to manage blacklisted IP address ysing bro

boa-detector

A vulnerable Boa web server detector.

bro_notice_correlation

Adds support for multi-notice correlation. For more information, see http://blog.samoehlert.com/correlating-bro-notices or the talk from BroCon 2016.

bro-af_packet-plugin

This plugin provides native AF_Packet support for Zeek.

bro-doctor

A broctl plugin that helps you troubleshoot common problems For cluster-related checks, the package "add-node-names" is recommended.

bro-drwatson

Discover and log information discovered in Microsoft DrWatson messages.

bro-fuzzy-hashing

This plugin provides fuzzy hashing for Bro.

bro-hardware

Scripts for cases where hardware device identifiers are discovered.

bro-http2

A HTTP2 protocol analyzer for the Zeek NSM.

<< Previous

1
2
3
4
5
6
7
8
9

Next >>
last >>

Page 1 of 14, showing 20 record(s) out of 262 total