Packages

gait

By sandialabs

Adds fields to conn and ssl logs useful for fingerprinting and timing analysis

geoip-conn

By brimsec

Adds additional fields to the conn.log for the data obtained via Zeek's GeoLocation feature (https://docs.zeek.org/en/current/frameworks/geoip.html).

got_zoom

By corelight

Detect Zoom traffic

GQUIC_Protocol_Analyzer

By salesforce

Protocol analyzer that detects, dissects, fingerprints, and logs GQUIC traffic

hassh

By corelight

HASSH is used to identify specific Client and Server SSH implementations. The fingerprints can be stored, searched and shared in the form of an MD5 fingerprint. This package logs components to ssh.log

hello-world

By zeek

A test package to verify that your Zeek installation can install packages successfully.

http_csp

By srozb

HTTP Content-Security-Policy report parser

http-header-count

By elcabezzonn

A script that counts the client HTTP headers.

http-stalling-detector

By corelight

Detect HTTP stalling attacks like slowloris.

icannTLD

By corelight

v28.0.0 - A Zeek script using the Input Framework to get icann_tld, icann_domain, icann_host_subdomain, and is_trusted_domain from a DNS query. The field icann_host_subdomain contains the remaining query nodes after the domain is removed. The is_trusted_domain field is populated from a separate Input Framework set.

icap

By mitre

Internet Content Adaptation Protocol (ICAP) Analyzer for Bro and Zeek.

icmp-exfil-detection

By sithari

Detects exfiltration of data over ICMP and writes to notice.log with the details of the exfil like duration, exfil size, source/dest ip, etc.

icmp-scans

By initconf

icmp-scans

icsnpp-bacnet

By cisagov

BACnet plugin for parsing and logging of the BACnet (building automation and control) protocol - CISA ICSNPP

icsnpp-bsap

By cisagov

BSAP over IP plugin for parsing and logging of the BSAP protocol - CISA ICSNPP

icsnpp-dnp3

By cisagov

DNP3 script for detailed logging of the DNP3 protocol - CISA ICSNPP

icsnpp-enip

By cisagov

Ethernet/IP and CIP plugin for parsing and logging of the Ethernet/IP and CIP protocols - CISA ICSNPP

icsnpp-ethercat

By cisagov

Ethercat plugin for parsing and logging of the Ethercat protocol - CISA ICSNPP

icsnpp-ge-srtp

By cisagov

GE-SRTP is a proprietary protocol used for communication between a GE PLC and a GE HMI. The GE-SRTP protocol parser is based on the research paper available at https://digitalcommons.newhaven.edu/electricalcomputerengineering-facpubs/70/. Like Modbus, the GE-SRTP protocol can read both discrete and analog inputs.

icsnpp-genisys

By cisagov

Genisys is a protocol defined by Union Switch & Signal for communicating with SCADA field devices, commonly used in the railway industry. It is similar in purpose to Modbus. Genisys was designed for use over serial connections, but is commonly transported over TCP as well. The protocol enables one client to communicate with one or more server devices over the same connection. The servers are identified by a one-octet server address. "Genisys" is a trademark of Union Switch & Signal.

Page 5 of 14, showing 20 record(s) out of 262 total