A package that creates a log for sequences of packet lengths and times, allowing for new analytics based on these data features.
A module that tries to minimize the noise from the SSL::Invalid_Server_Cert notices.
Implements the coefficient of variation (standard deviation / average), a form of relative standard deviation.
Attempts to detect an attacker calling to the VENOM Linux Rootkit: https://security.web.cern.ch/security/venom.shtml
Simple policy to detect VNC (RFB) scanners based on src->dst connection counts.
This script adds a new Intel::WILDCARD_DOMAIN type that matches on the base domain name, regardless of what subdomain may be prepended to it.
Creates schemas in many forms for a local Zeek installation/configuration: JSON, markup text, Avro and HTML so far.