Alternatives and similar repositories for zeek-tls-log-alternative

Users that are interested in zeek-tls-log-alternative are comparing it to the libraries listed below

• corelight / zeek2es
  A Python application to filter and transfer Zeek logs to Elastic/OpenSearch+Humio. This app can also output pure JSON logs to stdout for…
  ☆35Updated 2 years ago
• micrictor / spl-spt
  Zeek plugin to generate data on per-packet sizes and intervals
  ☆14Updated 5 years ago
• zeek / spicy-analyzers
  Growing collection of Spicy-based protocol and file analyzers for Zeek
  ☆31Updated 8 months ago
• stratosphereips / zeek_anomaly_detector
  A completely automated anomaly detector Zeek network flows files (conn.log).
  ☆80Updated 10 months ago
• OISF / suricata-intel-index
  Suricata rule and intel index
  ☆30Updated 2 months ago
• GiuseppeLaurenza / dAPTaset
  a database that collects data related to APTs from existing public sources through a semi automatic methodology and produces an exhaustiv…
  ☆15Updated 2 years ago
• COSSAS / dgad
  DGA Detective - Hunt domains generated by Domain Generation Algorithms to identify malware traffic
  ☆42Updated 10 months ago
• fatemabw / kyd
  DHCP Fingerprinting
  ☆28Updated 4 years ago
• cyware-labs / Threat-Response-Docker
  ☆43Updated 2 years ago
• vishal1991 / Network-Forensics
  • Packet capture (PCAP) file analysis to analyze traffic sent by malicious IP address.
  ☆12Updated 10 years ago
• StefanKelm / yara-rules
  Links to malware-related YARA rules
  ☆15Updated 2 years ago
• conexioninversa / WOPR
  Globally distributed honeypots and HoneyNets IOCs and file reversing
  ☆16Updated last year
• Cluster25 / detection
  Threat Detection Rules (Snort/Sigma/Yara)
  ☆13Updated last year
• threatrack / cti_report_collection
  Repository collecting and automagically processing public threat intelligence reports.
  ☆18Updated 5 years ago
• precurse / zeek-httpattacks
  This module detects HTTP requests that are non RFC compliant and used for smuggling
  ☆12Updated 2 years ago
• corelight / ripple20
  A Zeek package for the passive detection of "Ripple20" vulnerabilities in the Treck TCP/IP stack.
  ☆33Updated 2 years ago
• staaldraad / fastfluxanalysis
  Scripts to detect Fast-Flux and DGA using DNS query responses
  ☆43Updated 7 years ago
• dgunter / ParseZeekLogs
  Utility for parsing Bro log files into CSV or JSON format
  ☆41Updated 2 years ago
• bez0r / BeaconBits
  Network timing evaluation used to detect beacons, works with argus flow as the source
  ☆20Updated 9 years ago
• michalpurzynski / zeek-scripts
  zeek-scripts
  ☆43Updated 6 years ago
• zom3y3 / ssdc
  ssdeep cluster analysis for malware files
  ☆30Updated 5 years ago
• aiforsec22 / IEEEEuroSP23
  ☆25Updated last year
• CrySyS / bro-step7-plugin
  A proof of concept implementation of the Siemens S7 protocol analyser for the Bro IDS.
  ☆16Updated 8 years ago
• PaloAltoNetworks / pyjarm
  pyJARM is a library for doing JARM fingerprinting using python
  ☆49Updated 2 months ago
• stratosphereips / StratosphereTestingFramework
  The stratosphere testing framework is mean to help in the researching and verification of the behavioral models used by the Stratoshpere …
  ☆50Updated 7 years ago
• 0xtf / nsm-attack
  Mapping NSM rules to MITRE ATT&CK
  ☆71Updated 4 years ago
• micrictor / smbfp
  Zeek package to generate a SMB client fingerprint
  ☆27Updated 5 years ago
• jvdroit / Suricata-rules
  ☆9Updated 8 years ago
• Hullgj / report-parser
  Cuckoo Sandbox report parser into ransomware classifier
  ☆11Updated 6 years ago
• SpiderLabs / IOCs-IDPS
  This repository will hold PCAP IOC data related with known malware samples (owner: Bryant Smith)
  ☆104Updated 3 years ago