Per item expiration for Zeek's intelligence framework.
Extensions for Zeek's intelligence framework.
Limiter for Zeek's intelligence framework.
Additional seen-triggers for Zeek's intelligence framework.
JA3 creates 32-character SSL client fingerprints and logs them as a field in ssl.log. These fingerprints can easily be shared as threat intelligence or used as correlation items for enhanced alerting and analysis. This package also adds JA3 to the Zeek Intel Framework. https://github.com/salesforce/ja3
JoeSandbox-Bro extracts files from your internet connection and analyzes them automatically on Joe Sandbox. Combined with Joe Sandbox's reporting and alerting features, you can build a powerful IDS.
JSON streaming logs
KYD creates DHCP client hashes and logs the fingerprints and associated device information in a separate log file, 'dhcpfp.log'. Unknown fingerprints can easily be queried against the Fingerbank API using the 'dhcp-unknown.py' script provided in this package; the resulting dhcp-db-extend output file can be appended to the local dhcp-db.bro, and the dhcp-db-FBQ file generated by the Python script can be shared with the community. https://github.com/fatemabw/kyd
TODO: A more detailed description of LocalCountry. It can span multiple lines, with this indentation.
Add a POST body excerpt into the HTTP log
Add VLAN to all logs.
Implement common log filters.
Enables plugins to write fine-grained policy for log filtering, modification, and path customization.
A Bro log writer plugin that sends logging output to Kafka.
Osquery script framework for communicating with osquery endpoints.
Suite of SMTP-related policies, including extracting and logging URLs from emails and various SMTP anomaly-detection heuristics to help flag phishing emails.