Zeek Package Manager: Packages

Packages

conn-burst

By corelight

Identify bursty connections (large and fast)

credit-card-exposure

By sethhall

Detect credit card numbers in HTTP and SMTP with Bro.

CVE-2017-5638_struts

By initconf

package to detect CVE-2017-5638 struts attack

dns_axfr

By srozb

Find and notice DNS zone transfer attempts.

domain-tld

By sethhall

A library for getting the "effective tld" of a domain name.

MISP+Zeek. Dovehawk is a Zeek Module to import MISP indicators to the Intel Framework and Signature Framework automatically. Reports sightings directly back to MISP as they happen. Supports Zeek Clusters.

dovehawk_dns

By dovehawk

Dovehawk.io Passive DNS Capture Module.

dovehawk_flow

By dovehawk

Dovehawk Anonymized Outbound Flow Tracking

dummy-connections

By hosom

Create dummy connection records.

emojifier

By emojifier

Set your logs on fire with Emojifier!

file-extraction

By hosom

Extract files from network traffic with Bro.

find_smbv1

By klehigh

find SMBv1 activity

fix-ascii

By reservoirlabs

ASCII FIX analyzer package

fix-binary

By reservoirlabs

binary FIX analyzer package

flow_labels

By bricata

Provides mechanisms for managing and using institutional knowledge about a monitored environment to make informed observations of normal and abnormal network activity.

ftp-bruteforce

By initconf

ftp-bruteforce

hassh

By salesforce

HASSH is used to identify specific Client and Server SSH implementations. The fingerprints can be stored, searched and shared in the form of an MD5 fingerprint. This package logs components to ssh.log

<< first
<< Previous

Next >>
last >>

Page 3 of 6, showing 20 record(s) out of 112 total

Packages

bro-zeromq-writer

conn-burst

credit-card-exposure

CVE-2017-5638_struts

detect-kaspersky

dns_axfr

dns-tunnels

domain-tld

dovehawk

dovehawk_dns

dovehawk_flow

dummy-connections

emojifier

file-extraction

find_smbv1

fix-ascii

fix-binary

flow_labels

ftp-bruteforce

hassh