Identify bursty connections (large and fast)
Detect credit card numbers in HTTP and SMTP with Bro.
Package to detect the CVE-2017-5638 Struts attack.
Find and notice DNS zone transfer attempts.
Detect DNS tunnel attacks.
A library for getting the "effective tld" of a domain name.
MISP+Zeek. Dovehawk is a Zeek Module to import MISP indicators to the Intel Framework and Signature Framework automatically. Reports sightings directly back to MISP as they happen. Supports Zeek Clusters.
Dovehawk.io Passive DNS Capture Module.
Dovehawk Anonymized Outbound Flow Tracking
Create dummy connection records.
Set your logs on fire with Emojifier!
Extract files from network traffic with Bro.
Provides mechanisms for managing and using institutional knowledge about a monitored environment to make informed observations of normal and abnormal network activity.
HASSH is used to identify specific Client and Server SSH implementations. The fingerprints can be stored, searched and shared in the form of an MD5 fingerprint. This package logs components to ssh.log.
HTTP Content-Security-Policy report parser