Repositories (name: description)

zeek-cheatsheets: Zeek Log Cheatsheets
community-id-spec: An open standard for hashing network flows into identifiers, a.k.a. "Community IDs".
threat-hunting-guide
raspi-corelight: Corelight@Home script
ecs-mapping: Mapping Corelight or Zeek data to Elastic Common Schema fields
ripple20: A Zeek package for the passive detection of "Ripple20" vulnerabilities in the Treck TCP/IP stack.
zeek2es: A Python application to filter and transfer Zeek logs to Elastic/OpenSearch+Humio. This app can also output pure JSON logs to stdout for further processing!
zeek-community-id: Zeek support for Community ID flow hashing.
cve-2022-26809: Detects attempts and successful exploitation of CVE-2022-26809
cwrap: Auto wrap C and C++ functions with instrumentation
zeek-long-connections: Zeek package for tracking long connections to report them before they have completed.
Elasticsearch_rules: Elastic version of SOC Prime watcher rules
json-streaming-logs: Bro script package to create JSON formatted logs to stream into data analysis systems.
pycommunityid: A Python implementation of the Community ID flow hashing standard
cve-2021-44228: Log4j Exploit Detection Logic for Zeek
http-stalling-detector: Detect HTTP stalling attacks like slowloris with Bro
detect-ransomware-filenames
CVE-2021-42292: A Zeek package to detect CVE-2021-42292, a Microsoft Excel local privilege escalation exploit.
corelight-client: Corelight Sensor API command-line client
Dashboards-Splunk-DNS-Hunting-Beaconing: DNS Dashboard for hunting and identifying beaconing
log-add-http-post-bodies: Add POST body excerpt to Bro's HTTP log
Corelight-Ansible-Roles: A collection of Ansible Roles and playbooks that install, configure, run and manage a variety of Corelight, Suricata and Zeek solutions.
json-tcp-lb: Line based TCP load balancing proxy.
CVE-2021-31166: HTTP Protocol Stack CVE-2021-31166
conn-burst: A Bro package to identify connections that are bursting (lots of data and transferring quickly).
suricata_exporter: A Prometheus Exporter for Suricata
got_zoom: A Zeek package that detects Zoom logins and meeting joins
zerologon: Zeek package to detect Zerologon
zeek-elf: A Zeek ELF File Analyzer
zeek-quic: Bro analyzer that detects Google's QUIC protocol
ecs-logstash-mappings: Mapping Corelight or Zeek data to Elastic Common Schema logs
top-dns: Top DNS Measurement for Bro
SIGRed: Detection of attempts to exploit Microsoft Windows DNS server via CVE-2020-1350 (AKA SIGRed)
CVE-2021-1675
CVE-2020-16898: A network detection package for CVE-2020-16898 (Windows TCP/IP Remote Code Execution Vulnerability)
zeek-spicy-openvpn: A Zeek OpenVPN protocol analyzer, based on Spicy.
zeekjs: ZeekJS - Experimental JavaScript support for Zeek.
phantom-playbooks
ecs-dashboards
pingback: A Zeek package to detect the Pingback malware ICMP tunnel command and control (C2) network traffic.
ecs-templates: Corelight or Zeek Elastic Common Schema Templates
zeek-openvpn: A Zeek OpenVPN protocol analyzer plugin.
zeek-spicy-ospf: A Zeek OSPF packet analyzer based on Spicy.
docker-fleet-api-ci: Ubuntu-based builder including Go, NPM and the Ruby tool FPM (for fleet-api)
zeek-jpeg: A Zeek JPEG File Analyzer
CVE-2020-14882-weblogicRCE: Detection of RCE in Oracle's WebLogic Server, CVE-2020-14882 / CVE-2020-14750
bro-maxminddb: Plugin to support libmaxminddb in Bro
zeek-spicy-ipsec: A Zeek IPSec protocol analyzer based on Spicy.
CVE-2021-38647: CVE-2021-38647, AKA the "OMIGOD" vulnerability in Windows OMI
log-add-vlan-everywhere: Add VLAN tags to all Zeek logs
callstranger-detector: Zeek Plugin that detects CallStranger (CVE-2020-12695) attempts (http://callstranger.com/)
zeek-xor-exe-plugin: Zeek plugin to detect and decrypt XOR-encrypted EXEs
CVE-2022-26937: A Zeek package to detect CVE-2022-26937, a vulnerability in the Network Lock Manager (NLM) protocol in Windows NFS server.
CVE-2020-5902-F5BigIP: A network detection package for CVE-2020-5902, a CVSS 10.0 vulnerability affecting F5 Networks, Inc BIG-IP devices.
CVE-2022-3602: Detects attempts at exploitation of CVE-2022-3602, a remote code execution vulnerability in OpenSSL v3.0.0 through v3.0.6
cve-2022-21907: cve-2022-21907
plotcap: Plot packet and data rates over time given a PCAP file, with gnuplot.
c-community-id: A reusable C implementation of the Community ID standard
zeek-spicy-stun: A Zeek STUN protocol analyzer based on Spicy.
zeek-spicy-wireguard: A Zeek WireGuard protocol analyzer based on Spicy.
zeek-macho: A Zeek Mach-O File Analyzer
icannTLD: Zeek script using the official ICANN Top-Level Domain (TLD) list with the Input Framework to extract the relevant information from a DNS query and mark whether it's trusted or not. The source of the ICANN TLDs can be found here: https://publicsuffix.org/list/effective_tld_names.dat. The Trusted Domains list is a custom list, created by the user, to filter domains during searches.
CVE-2022-24497: A Zeek detector for CVE-2022-24497.
redxor: Detection of Linux Malware C2 RedXOR - demonstration
C2-detection-manjusaka: Detection of the Manjusaka C2 framework
zeek-indenter: A Python package to indent Zeek scripts per the Whitesmiths coding style.
zeek-smb-clear-state: Reduce the amount of tracked SMB state
Chronicle: Chronicle parser for CORELIGHT and related information.
bro-hardware: Hardware description script module for Bro.
CVE-2022-24491: A Zeek CVE-2022-24491 detector.
docker-terraform-serverless: Dockerfile building Serverless with Terraform for CI/CD
ztest: Zeek Unit Testing. Provides a framework to write unit tests for Zeek scripts.
bro-shellshock: ShellShock attack and exploit detector for Bro.
zeekjs-notice-telegram: Zeek Notice Telegram (ZeekJS edition)
PetitPotam
http-more-files-names: Add more filenames to files.log from HTTP requests
bro-drwatson: Dr. Watson catcher script for Bro.
ansible-awx-docker-bundle
zeek-ssl-clear-state: Clear SSL state earlier to reduce memory usage
hassh: Fingerprint SSH clients and servers.
bro-protosigs: Purely signature based protocol detection for Bro
CVE-2022-23270-PPTP: A Zeek package to detect CVE-2022-23270, a PPTP vulnerability in Windows.
go-zeek-broker-ws: A Go library for using Zeek Broker's WebSocket API
zeek-notice-telegram: Send Notices as messages over Telegram
cve-2022-22954
boa-detector: A vulnerable Boa web server detector.
zeek-spicy-facefish: A Zeek protocol analyzer for the Facefish rootkit, based on Spicy.
zeek-globload: Zeek package to support glob patterns in the @load directive
alpine-aws: Alpine Docker container preloaded with AWS CLI and Git for CI/CD
zeek-ta-splunk: Zeek TA Splunk
zeek-spicy-radius: A Zeek RADIUS protocol analyzer, written in Spicy.
CVE-2022-30216: Zeek detection logic for CVE-2022-30216.
CVE-2021-41773: A Zeek package which raises notices for Path Traversal/RCE in Apache HTTP Server 2.4.49 (CVE-2021-41773) and 2.4.50 (CVE-2021-42013)
zeek-asyncrat-detector: A Zeek based AsyncRAT malware detector.