Packages

zeek-quasarrat-detector

By corelight

A QuasarRAT malware detector.

zeek-quic

By corelight

Detects the Google QUIC (GQUIC) protocol and adds "gquic" to conn.log's "service" field.

zeek-sniffpass

By cybera

Sniffpass will alert on cleartext passwords discovered in HTTP POST requests.

zeek-spicy-facefish

By corelight

A Facefish rootkit detector, based on Spicy.

zeek-spicy-ipsec

By corelight

An IPSec Zeek protocol analyzer based on Spicy.

zeek-spicy-openvpn

By corelight

A Zeek OpenVPN protocol analyzer, based on Spicy.

zeek-spicy-ospf

By corelight

A Zeek OSPF packet analyzer, based on Spicy.

zeek-spicy-stun

By corelight

A Zeek STUN protocol analyzer based on Spicy.

zeek-spicy-wireguard

By corelight

A Wireguard VPN protocol analyzer, based on Spicy.

zeek-ssh-interesting-hostnames-with-known

By dopheide

This script replaces the default ssh/interesting-hostnames and reduces the number of asynchronous when() calls made by Zeek.

zeek-strrat-detector

By corelight

A Zeek based STRRAT malware detector.

zeek-sumstats-counttable

By 0xxon

Two-dimensional buckets for sumstats (count occurrences per $str).

zeek-tenzir

By tenzir

This package is the official Zeek integration for Tenzir.

zeek-tls-log-alternative

By 0xxon

"This package generates a file called tls.log. The difference from ssl.log is that it is much more focused on logging all kinds of protocol features. This can be interesting for academic purposes - or if one is just interested in more information about specific features used in local TLS traffic."

zeek-xor-exe-plugin

By corelight

A plugin to find Windows executables that have been XOR encoded.

zeekjs

By corelight

Experimental JavaScript support for Zeek.

zeekjs-notice-slack

By pgaulon

Package extending the Notice Framework to send Notices via Slack webhooks.

zeekjs-notice-telegram

By corelight

Package that extends the Notice Framework to include `ACTION_TELEGRAM` for sending messages on notices over Telegram using ZeekJS.

zeekjs-redis

By mbispham

A zkg package that uses ZeekJS to overwrite the Logging Framework to output Zeek logs to Redis. Each log id type is associated with a unique key. For example, conn.log should be stored in the key zeek_conn_logs.
