Additional JSON-logging for Bro.
Adds cluster node name to logs.
Package to manage blacklisted IP addresses using Bro.
Detects Bitcoin, Litecoin, or other cryptocurrency
mining traffic that uses getwork, getblocktemplate, or Stratum mining
protocols over TCP or HTTP.
Adds support for multi-notice correlation. For more information, see http://blog.samoehlert.com/correlating-bro-notices or the talk from BroCon 2016.
This plugin provides native AF_Packet support for Bro.
"Community ID" flow hash support in conn.log
Packet source plugin that provides native support for Endace DAG capture cards.
A broctl plugin that helps you troubleshoot common problems
Discover and log information found in Microsoft DrWatson messages.
This plugin provides fuzzy hashing for Bro.
Scripts for cases where hardware device identifiers are discovered.
An HTTP2 protocol analyzer for the Bro IDS.
A broctl plugin that helps you set up capture interfaces.
Find different types of OSes and AV software in your network traffic.
This plugin adds a Site::is_darknet function.
This is useful for scripts that track scan attempts or other probes.
It can handle purely dark address space as well as honeynet space.
Generate and log JA3 SSL fingerprints.
Raise notices on outgoing files over X bytes in size.
Also raise notices for multiple large outgoing Tx's in Y time frame.
This plugin provides liblognorm integration for Bro.
Find and log long-lived connections into a "conn_long" log.