Generate and log JA3 SSL fingerprints
Raise notices on outgoing files over X bytes in size.
Also raise notices for multiple large outgoing Tx's in Y time frame.
This plugin provides liblognorm integration for Bro.
Packet source plugin that provides native Myricom SNF v3+v4 support.
Packet source plugin that provides native support for NTAPI
Add OUI lookup to Bro.
Packet source plugin that provides native PF_RING support.
Attempt to identify QUIC protocol
Discover successful ShellShock attacks.
Simple, high-performance TCP scan detection
Zeek-Sysmon contains a Python script that will read in a file, parse JSON Windows Event Logs, generate Zeek events, and forward them to Zeek. Default Zeek-Sysmon scripts log output to files.
This plugin provides native AF_XDP support for Bro.
ZeroMQ log writer.
BZAR - Bro/Zeek ATT&CK-based Analytics and Reporting.
Detects CallStranger (CVE) Exploitation Attempts
Adds Collective Intelligence Framework (CIF) metadata to intel logs.
A Zeek package which provides common encodings and operations.
Identify bursty connections (large and fast)