-
Stars3
-
Rank 3,896,000 (Top 79 %)
-
Language
-
License
BSD 3-Clause "New... -
Created almost 2 years ago
-
Updated 10 months ago
Reviews
There are no reviews yet. Be the first to send feedback to the community and the maintainers!
Repository Details
Detection of Manjusaka C2 framework
More Repositories
1
zeek-cheatsheets
Zeek Log Cheatsheets
280
2
community-id-spec
An open standard for hashing network flows into identifiers, a.k.a "Community IDs".Python
164
3
threat-hunting-guide
40
4
raspi-corelight
Corelight@Home scriptShell
37
5
ecs-mapping
Mapping Corelight or Zeek data to Elastic Common Schema fields
34
6
ripple20
A Zeek package for the passive detection of "Ripple20" vulnerabilities in the Treck TCP/IP stack.
Zeek
34
7
zeek2es
A Python application to filter and transfer Zeek logs to Elastic/OpenSearch+Humio. This app can also output pure JSON logs to stdout for further processing!Python
33
8
zeek-community-id
Zeek support for Community ID flow hashing.
Zeek
32
9
cve-2022-26809
Detects attempts and successful exploitation of CVE-2022-26809
Zeek
32
10
cwrap
Auto wrap C and C++ functions with instrumentationPerl
30
11
zeek-long-connections
Zeek package for tracking long connections to report them before they have completed.
Zeek
28
12
Elasticsearch_rules
Elastic version of SOC prime watcher rules
27
13
json-streaming-logs
Bro script package to create JSON formatted logs to stream into data analysis systems.
Zeek
27
14
pycommunityid
A Python implementation of the Community ID flow hashing standardPython
24
15
cve-2021-44228
Log4j Exploit Detection Logic for Zeek
Zeek
18
16
http-stalling-detector
Detect HTTP stalling attacks like slowloris with Bro
Bro
18
17
detect-ransomware-filenames
Zeek
17
18
CVE-2021-42292
A Zeek package to detect CVE-2021-42292, a Microsoft Excel local privilege escalation exploit.
Zeek
17
19
corelight-client
Corelight Sensor API command-line clientPython
15
20
Dashboards-Splunk-DNS-Hunting-Beaconing
DNS Dashboard for hunting and identifying beaconing
14
21
log-add-http-post-bodies
Add POST body excerpt to Bro's HTTP log
Zeek
14
22
Corelight-Ansible-Roles
Corelight-Ansible-Roles are a collection of Ansible Roles and playbooks that install, configure, run and manage a variety of Corelight, Suricata and Zeek solutions.
Jinja
14
23
json-tcp-lb
line based tcp load balancing proxy.Go
13
24
CVE-2021-31166
HTTP Protocol Stack CVE-2021-31166
Zeek
13
25
conn-burst
A Bro package to identify connections that are bursting (lots of data and transferring quickly).
Bro
12
26
suricata_exporter
A Prometheus Exporter for SuricataGo
12
27
got_zoom
A Zeek package that detects Zoom logins and meeting joins
Zeek
12
28
zerologon
Zeek package to detect Zerologon
Zeek
12
29
zeek-elf
A Zeek ELF File Analyzer
Zeek
11
30
zeek-quic
Bro analyzer that detects Google's QUIC protocolJavaScript
11
31
ecs-logstash-mappings
Mapping Corelight or Zeek data to Elastic Common Schema logs
11
32
top-dns
Top DNS Measurement for Bro
Zeek
11
33
SIGRed
Detection of attempts to exploit Microsoft Windows DNS server via CVE-2020-1350 (AKA SIGRed)
Zeek
10
34
CVE-2021-1675
Shell
9
35
CVE-2020-16898
A network detection package for CVE-2020-16898 (Windows TCP/IP Remote Code Execution Vulnerability)
Zeek
9
36
zeek-spicy-openvpn
A Zeek OpenVPN protocol analyzer, based on Spicy.
Zeek
8
37
zeekjs
ZeekJS - Experimental JavaScript support for Zeek.C++
8
38
phantom-playbooks
Python
7
39
ecs-dashboards
7
40
pingback
A Zeek package to detect the Pingback malware ICMP tunnel command and control (C2) network traffic.
Zeek
7
41
ecs-templates
Corelight or Zeek Elastic Common Schema TemplatesPython
7
42
zeek-openvpn
A Zeek OpenVPN protocol analyzer plugin.JavaScript
7
43
zeek-spicy-ospf
A Zeek OSPF packet analyzer based on Spicy.
Zeek
7
44
docker-fleet-api-ci
Ubuntu-based builder including Go, NPM and Ruby tool FPM (for fleet-api)Dockerfile
7
45
zeek-jpeg
A Zeek JPEG File Analyzer
Zeek
7
46
CVE-2020-14882-weblogicRCE
Detection of RCE in Oracle's WebLogic Server CVE-2020-14882 / CVE-2020-14750
Zeek
7
47
bro-maxminddb
Plugin to support libmaxminddb in Bro
CMake
6
48
zeek-spicy-ipsec
A Zeek IPSec protocol analyzer based on Spicy.
Zeek
6
49
CVE-2021-38647
CVE-2021-38647 AKA "OMIGOD" vulnerability in Windows OMI
Zeek
6
50
log-add-vlan-everywhere
Add VLAN tags to all Zeek logs
Zeek
6
51
callstranger-detector
Zeek Plugin that detects CallStranger (CVE-2020-12695) attempts (http://callstranger.com/)
Zeek
6
52
zeek-xor-exe-plugin
Zeek plugin to detect and decrypt XOR-encrypted EXEsC++
6
53
CVE-2022-26937
A Zeek package to detect CVE-2022-26937, a vulnerability in the Network Lock Manager (NLM) protocol in Windows NFS server.Shell
5
54
CVE-2020-5902-F5BigIP
A network detection package for CVE-2020-5902, a CVE10.0 vulnerability affecting F5 Networks, Inc BIG-IP devices.
Zeek
5
55
CVE-2022-3602
Detects attempts at exploitation of CVE-2022-3602, a remote code execution vulnerability in OpenSSL v 3.0.0 through v.3.0.6
Zeek
4
56
cve-2022-21907
cve-2022-21907
Zeek
4
57
plotcap
Plot packet and data rates over time given a PCAP file, with gnuplot.Rust
4
58
c-community-id
A reusable C implementation of the Community ID standardC
4
59
zeek-spicy-stun
A Zeek STUN protocol analyzer based on Spicy.
Zeek
4
60
zeek-spicy-wireguard
A Zeek Wireguard protocol analyzer based on Spicy.
Zeek
4
61
zeek-macho
A Zeek Mach-o File Analyzer
Zeek
4
62
icannTLD
Zeek script using the official ICANN Top-Level Domain (TLD) list with the Input Framework to extract the relevant information from a DNS query and mark whether it's trusted or not. The source of the ICANN TLD's can be found here: https://publicsuffix.org/list/effective_tld_names.dat. The Trusted Domains list is a custom list, created by the user, to filter domains during searches.
Zeek
4
63
CVE-2022-24497
A Zeek detector for CVE-2022-24497.Shell
3
64
redxor
Detection of Linux Malware C2 RedXOR - demonstration
Zeek
3
65
zeek-indenter
A python package to indent Zeek scripts per the Whitesmiths coding style.Python
3
66
zeek-smb-clear-state
reduce amount of tracked smb state
Zeek
3
67
Chronicle
Chronicle parser for CORELIGHT and related information.Python
3
68
bro-hardware
Hardware description script module for Bro.
Bro
3
69
CVE-2022-24491
A Zeek CVE-2022-24491 detector.
Zeek
3
70
docker-terraform-serverless
Dockerfile building Serverless with Terraform for CI/CDDockerfile
3
71
ztest
Zeek Unit Testing. Provides a framework to write unit tests for Zeek scripts.
Zeek
3
72
bro-shellshock
ShellShock attack and exploit detector for Bro.
Bro
2
73
zeekjs-notice-telegram
Zeek Notice Telegram (ZeekJS edition)JavaScript
2
74
PetitPotam
Zeek
2
75
http-more-files-names
Add more filenames to files.log from HTTP requests
Zeek
2
76
bro-drwatson
Dr. Watson catcher script for Bro.
Bro
2
77
ansible-awx-docker-bundle
Jinja
2
78
zeek-ssl-clear-state
Clear SSL State earlier to reduce memory usage
Zeek
2
79
hassh
Fingerprint SSH clients and servers.
Zeek
2
80
bro-protosigs
Purely signature based protocol detection for Bro
Standard ML
1
81
CVE-2022-23270-PPTP
A Zeek package to detect CVE-2022-23270, a PPTP vulnerability in Windows.Shell
1
82
go-zeek-broker-ws
A Go library for using zeek broker's websocket APIGo
1
83
softsensor-docker-prototype
Softsensor Docker prototypeShell
1
84
zeek-notice-telegram
Send Notices as messages over Telegram
Zeek
1
85
cve-2022-22954
Zeek
1
86
boa-detector
A vulnerable Boa web server detector.Shell
1
87
zeek-spicy-facefish
A Zeek protocol analyzer for the Facefish rootkit, based on Spicy.
CMake
1
88
zeek-globload
Zeek package to support glob patterns in the @load directiveShell
1
89
alpine-aws
Alpine docker container preloaded with AWS CLI and Git for CI/CDDockerfile
1
90
zeek-ta-splunk
Zeek TA Splunk
1
91
zeek-spicy-radius
A Zeek Radius protocol analyzer, written in Spicy.
Zeek
1
92
CVE-2022-30216
Zeek detection logic for CVE-2022-30216.
Zeek
1
93
CVE-2021-41773
A Zeek package which raises notices for Path Traversal/RCE in Apache HTTP Server 2.4.49 (CVE-2021-41773) and 2.4.50 (CVE-2021-42013)
Zeek
1
94
zeek-asyncrat-detector
A Zeek based AsyncRAT malware detector.Shell
1