CVE-2020-16898

By corelight

A network detection package for CVE-2020-16898 (Windows TCP/IP Remote Code Execution Vulnerability) AKA BadNeighbor

cve-2020-16898

By esnet-security

Detects CVE-2020-16898: "Bad Neighbor"

logfilter

By esnet-security

Enables plugins to write fine-grained policy for log filtering, modification, and path customization.

mdns

By fdekeers

Multicast DNS (mDNS) package for Zeek

zeek_perfsonar_owamp

By esnet

zeek_scram

By esnet-security

Zeek script for interacting with the SCRAM client

zeek-ebury

By esnet-security

This script attempts to detect the Ebury ssh backdoor based on having base64 in the ssh client string.

zeek-exporter

By esnet

Prometheus exporter for Zeek performance data

zeek-jetdirect

By dopheide

Detect exploit attempt of HP JetDirect printers

Zeek-Known-Services-With-OrigFlag

By esnet-security

This script expands the base known-services policy to include is_local_orig flag to indicate if the service was discovered from non-local nets (is_local_orig =F) or from local nets (is_local_orig=T).

zeek-outbound-known-services-with-origflag

By esnet-security

This script expands the base known-services policy to include is_local_orig flag to indicate if an outbound service was discovered from non-local nets (is_local_orig =F) or from local nets (is_local_orig=T).

zeek-quic

By corelight

Detects the Google QUIC (GQUIC) protocol and adds "gquic" to conn.log's "service" field.