By corelight
A Zeek base NetSupport detector. NetSupport is often abused by attackers in malware.
By rvictory
Monitors for new domains being queried for and raises a notice for them
By dopheide
This script enables easy customation of how notice actions are handled. It's built to work with eZeekConfigurator, but that isn't required.
By corelight
Package that extends the Notice Framework to include `ACTION_TELEGRAM` for sending messages on notices over Telegram.
By dopheide
This script just replaces the old ntp-monlist script to work with Zeek 3.0.0+
By activecm
Find and log open, long-lived connections into "open_conn", "open_ssl", and "open_http" logs.
This script expands the base known-services policy to include is_local_orig flag to indicate if an outbound service was discovered from non-local nets (is_local_orig =F) or from local nets (is_local_orig=T).
Detect DoH servers by adding a is_DoH field in ssl.log and add timeout to them so that the DoH connection won't take too long
This script gets the gateway IP information taken from the dhcp logs, and adds a notice.log entry if the gateway address is identified
By nttcom
TODO: A more detailed description of icsnpp-bacnet. It can span multiple lines, with this indentation.
By nttcom
TODO: A more detailed description of spicy_cc_link_basic. It can span multiple lines, with this indentation.