Packages

log-add-http-post-bodies

By corelight

Add a POST body excerpt into the HTTP log

log-add-vlan-everywhere

By corelight

Add VLAN to all Bro logs.

log-filters

By hosom

Implement common log filters.

metron-bro-plugin-kafka

By apache

A Bro log writer plugin that sends logging output to Kafka.

phish-analysis

By initconf

Suite of SMTP-related policies, including extracting and logging URLs from emails and various SMTP anomaly detection heuristics to help flag phishing emails.

scan-NG

By initconf

Scan detection in the 2.x world. A forward port of bro-1.5.3 scan.bro, accompanied by new heuristics and quicker detections.

scan-sampling

By jonzeolla

Modified version of scan.bro to add destination IP sampling.

smtp-url-analysis

By initconf

Suite of SMTP-related policies, including extracting and logging URLs from emails and various SMTP anomaly detection heuristics to help flag phishing emails.

ssn-exposure

By sethhall

Detect US Social Security numbers in HTTP and SMTP with Bro.

tcprs

By jswaro

TCP Retransmission and State Analyzer plugin for Bro.

top-dns

By corelight

Log the top DNS queries being requested.

uap-bro

By vitalyrepin

User Agent Parser - Bro implementation based on uap-core

unknown-mime-type-discovery

By sethhall

A Bro package for finding new file signatures.

venom

By dopheide

Attempts to detect an attacker calling to the VENOM Linux rootkit (see https://security.web.cern.ch/security/venom.shtml).

vnc-scanner

By initconf

Simple policy to detect VNC (RFB) scanners based on src->dst connection counts

zeek-plugin-roca

By 0xxon

Identify certificates potentially affected by CVE-2017-15361

zeek-postgresql

By 0xxon

A PostgreSQL reader and writer for Bro.

zeek-sumstats-counttable

By 0xxon

Two-dimensional buckets for sumstats (count occurrences per $str).

Page 4 of 4, showing 19 record(s) out of 79 total