Explore @corelight Open Source projects

Corelight, Inc. (@corelight)

corelight

Stars
1,316
Global Org. Rank 12,610 (Top 5 %)
Registered almost 8 years ago
Most used languages

Zeek 52.3 %

Shell
10.5 %

Python
9.3 %

Bro 5.8 %

Dockerfile
3.5 %

Go
3.5 %

JavaScript
3.5 %

C++
2.3 %

Jinja 2.3 %

CMake 2.3 %

Perl
1.2 %

Standard ML 1.2 %

C
1.2 %

Rust
1.2 %
Location 🇺🇸 United States
Country Total Rank 7,637
Country Ranking

Zeek 2

Bro 8

Jinja 114

Standard ML 167

CMake 311

Perl
488

Dockerfile
955

Shell
2,475

Go
4,207

Python
4,447

Rust
5,374

C++
8,688

zeek-cheatsheets

Zeek Log Cheatsheets

community-id-spec

An open standard for hashing network flows into identifiers, a.k.a "Community IDs".

threat-hunting-guide

raspi-corelight

Corelight@Home script

ecs-mapping

Mapping Corelight or Zeek data to Elastic Common Schema fields

ripple20

A Zeek package for the passive detection of "Ripple20" vulnerabilities in the Treck TCP/IP stack.

zeek2es

A Python application to filter and transfer Zeek logs to Elastic/OpenSearch+Humio. This app can also output pure JSON logs to stdout for further processing!

zeek-community-id

Zeek support for Community ID flow hashing.

cve-2022-26809

Detects attempts and successful exploitation of CVE-2022-26809

cwrap

Auto wrap C and C++ functions with instrumentation

zeek-long-connections

Zeek package for tracking long connections to report them before they have completed.

Elasticsearch_rules

Elastic version of SOC prime watcher rules

json-streaming-logs

Bro script package to create JSON formatted logs to stream into data analysis systems.

pycommunityid

A Python implementation of the Community ID flow hashing standard

cve-2021-44228

Log4j Exploit Detection Logic for Zeek

http-stalling-detector

Detect HTTP stalling attacks like slowloris with Bro

detect-ransomware-filenames

CVE-2021-42292

A Zeek package to detect CVE-2021-42292, a Microsoft Excel local privilege escalation exploit.

corelight-client

Corelight Sensor API command-line client

Dashboards-Splunk-DNS-Hunting-Beaconing

DNS Dashboard for hunting and identifying beaconing

log-add-http-post-bodies

Add POST body excerpt to Bro's HTTP log

Corelight-Ansible-Roles

Corelight-Ansible-Roles are a collection of Ansible Roles and playbooks that install, configure, run and manage a variety of Corelight, Suricata and Zeek solutions.

json-tcp-lb

line based tcp load balancing proxy.

CVE-2021-31166

HTTP Protocol Stack CVE-2021-31166

conn-burst

A Bro package to identify connections that are bursting (lots of data and transferring quickly).

suricata_exporter

A Prometheus Exporter for Suricata

got_zoom

A Zeek package that detects Zoom logins and meeting joins

zerologon

Zeek package to detect Zerologon

zeek-elf

A Zeek ELF File Analyzer

zeek-quic

Bro analyzer that detects Google's QUIC protocol

ecs-logstash-mappings

Mapping Corelight or Zeek data to Elastic Common Schema logs

top-dns

Top DNS Measurement for Bro

SIGRed

Detection of attempts to exploit Microsoft Windows DNS server via CVE-2020-1350 (AKA SIGRed)

CVE-2021-1675

CVE-2020-16898

A network detection package for CVE-2020-16898 (Windows TCP/IP Remote Code Execution Vulnerability)

zeek-spicy-openvpn

A Zeek OpenVPN protocol analyzer, based on Spicy.

zeekjs

ZeekJS - Experimental JavaScript support for Zeek.

phantom-playbooks

ecs-dashboards

pingback

A Zeek package to detect the Pingback malware ICMP tunnel command and control (C2) network traffic.

ecs-templates

Corelight or Zeek Elastic Common Schema Templates

zeek-openvpn

A Zeek OpenVPN protocol analyzer plugin.

zeek-spicy-ospf

A Zeek OSPF packet analyzer based on Spicy.

docker-fleet-api-ci

Ubuntu-based builder including Go, NPM and Ruby tool FPM (for fleet-api)

zeek-jpeg

A Zeek JPEG File Analyzer

CVE-2020-14882-weblogicRCE

Detection of RCE in Oracle's WebLogic Server CVE-2020-14882 / CVE-2020-14750

bro-maxminddb

Plugin to support libmaxminddb in Bro

zeek-spicy-ipsec

A Zeek IPSec protocol analyzer based on Spicy.

CVE-2021-38647

CVE-2021-38647 AKA "OMIGOD" vulnerability in Windows OMI

log-add-vlan-everywhere

Add VLAN tags to all Zeek logs

callstranger-detector

Zeek Plugin that detects CallStranger (CVE-2020-12695) attempts (http://callstranger.com/)

zeek-xor-exe-plugin

Zeek plugin to detect and decrypt XOR-encrypted EXEs

CVE-2022-26937

A Zeek package to detect CVE-2022-26937, a vulnerability in the Network Lock Manager (NLM) protocol in Windows NFS server.

CVE-2020-5902-F5BigIP

A network detection package for CVE-2020-5902, a CVE10.0 vulnerability affecting F5 Networks, Inc BIG-IP devices.

CVE-2022-3602

Detects attempts at exploitation of CVE-2022-3602, a remote code execution vulnerability in OpenSSL v 3.0.0 through v.3.0.6

cve-2022-21907

plotcap

Plot packet and data rates over time given a PCAP file, with gnuplot.

c-community-id

A reusable C implementation of the Community ID standard

zeek-spicy-stun

A Zeek STUN protocol analyzer based on Spicy.

zeek-spicy-wireguard

A Zeek Wireguard protocol analyzer based on Spicy.

zeek-macho

A Zeek Mach-o File Analyzer

icannTLD

Zeek script using the official ICANN Top-Level Domain (TLD) list with the Input Framework to extract the relevant information from a DNS query and mark whether it's trusted or not. The source of the ICANN TLD's can be found here: https://publicsuffix.org/list/effective_tld_names.dat. The Trusted Domains list is a custom list, created by the user, to filter domains during searches.

CVE-2022-24497

A Zeek detector for CVE-2022-24497.

redxor

Detection of Linux Malware C2 RedXOR - demonstration

C2-detection-manjusaka

Detection of Manjusaka C2 framework

zeek-indenter

A python package to indent Zeek scripts per the Whitesmiths coding style.

zeek-smb-clear-state

reduce amount of tracked smb state

Chronicle

Chronicle parser for CORELIGHT and related information.

bro-hardware

Hardware description script module for Bro.

CVE-2022-24491

A Zeek CVE-2022-24491 detector.

docker-terraform-serverless

Dockerfile building Serverless with Terraform for CI/CD

ztest

Zeek Unit Testing. Provides a framework to write unit tests for Zeek scripts.

bro-shellshock

ShellShock attack and exploit detector for Bro.

zeekjs-notice-telegram

Zeek Notice Telegram (ZeekJS edition)

PetitPotam

http-more-files-names

Add more filenames to files.log from HTTP requests

bro-drwatson

Dr. Watson catcher script for Bro.

ansible-awx-docker-bundle

zeek-ssl-clear-state

Clear SSL State earlier to reduce memory usage

hassh

Fingerprint SSH clients and servers.

bro-protosigs

Purely signature based protocol detection for Bro

CVE-2022-23270-PPTP

A Zeek package to detect CVE-2022-23270, a PPTP vulnerability in Windows.

go-zeek-broker-ws

A Go library for using zeek broker's websocket API

softsensor-docker-prototype

Softsensor Docker prototype

zeek-notice-telegram

Send Notices as messages over Telegram

cve-2022-22954

boa-detector

A vulnerable Boa web server detector.

zeek-spicy-facefish

A Zeek protocol analyzer for the Facefish rootkit, based on Spicy.

zeek-globload

Zeek package to support glob patterns in the @load directive

alpine-aws

Alpine docker container preloaded with AWS CLI and Git for CI/CD

zeek-ta-splunk

zeek-spicy-radius

A Zeek Radius protocol analyzer, written in Spicy.

CVE-2022-30216

Zeek detection logic for CVE-2022-30216.

CVE-2021-41773

A Zeek package which raises notices for Path Traversal/RCE in Apache HTTP Server 2.4.49 (CVE-2021-41773) and 2.4.50 (CVE-2021-42013)

zeek-asyncrat-detector

A Zeek based AsyncRAT malware detector.