Spicy-based analyzer for the TFTP protocol.
A package that creates a log for sequences of packet lengths and times, allowing for new analytics based on these data features.
Detect US Social Security numbers in HTTP and SMTP with Bro.
User Agent Parser - Bro implementation based on uap-core
Help Zeek by finding unidentified file types.
Implements the coefficient of variation (standard deviation / average), a form of relative standard deviation.
Attempts to detect an attacker calling to the VENOM Linux Rootkit: https://security.web.cern.ch/security/venom.shtml
Simple policy to detect VNC (RFB) scanners based on src->dst connection counts
This script adds a new Intel::WILDCARD_DOMAIN type that matches on the base domain name, regardless of what subdomain may be prepended to it.
Zeek script for interacting with the SCRAM client
This plugin provides native AF_Packet support for Zeek.
Label bogon IPs in conn.log