By dopheide
Adds support for multi-notice correlation. For more information, see http://blog.samoehlert.com/correlating-bro-notices or the talk from BroCon 2016.
By dopheide
Attempts to detect an attacker calling to the VENOM Linux Rootkit https://security.web.cern.ch/security/venom.shtml
By dopheide
This script expands the base known-hosts policy to include reverse DNS queries and syncs it across all workers.
By dopheide
This script provides the ability to monitor and throw notices for outbound connections to a list of watched countries. It also adds orig and resp country codes to conn.log. It depends on having libmaxmind configured for GeoIP lookups.
By dopheide
This script enables easy customization of how notice actions are handled. It's built to work with eZeekConfigurator, but that isn't required.
By dopheide
This script just replaces the old ntp-monlist script to work with Zeek 3.0.0+
By corelight
Detects the Google QUIC (GQUIC) protocol and adds "gquic" to conn.log's "service" field.
By dopheide
This script replaces the default ssh/interesting-hostnames and reduces the number of asynchronous when() calls made by Zeek.