Alternatives and similar repositories for zeek-tls-log-alternative:

Users that are interested in zeek-tls-log-alternative are comparing it to the libraries listed below

• COSSAS / dgad
  DGA Detective - Hunt domains generated by Domain Generation Algorithms to identify malware traffic
  ☆40Updated 7 months ago
• OISF / suricata-intel-index
  Suricata rule and intel index
  ☆30Updated this week
• micrictor / spl-spt
  Zeek plugin to generate data on per-packet sizes and intervals
  ☆14Updated 4 years ago
• zom3y3 / ssdc
  ssdeep cluster analysis for malware files
  ☆30Updated 4 years ago
• Cluster25 / detection
  Threat Detection Rules (Snort/Sigma/Yara)
  ☆13Updated last year
• conexioninversa / WOPR
  Globally distributed honeypots and HoneyNets IOCs and file reversing
  ☆16Updated 11 months ago
• corelight / ripple20
  A Zeek package for the passive detection of "Ripple20" vulnerabilities in the Treck TCP/IP stack.
  ☆33Updated 2 years ago
• zeek / spicy-analyzers
  Growing collection of Spicy-based protocol and file analyzers for Zeek
  ☆32Updated 6 months ago
• PaloAltoNetworks / pyjarm
  pyJARM is a library for doing JARM fingerprinting using python
  ☆49Updated last week
• GiuseppeLaurenza / dAPTaset
  a database that collects data related to APTs from existing public sources through a semi automatic methodology and produces an exhaustiv…
  ☆15Updated 2 years ago
• elastic / siglearn
  Code for BH21 talk: "Generating YARA Rules by Classifying Malicious Byte Sequences"
  ☆17Updated last month
• corelight / zeek2es
  A Python application to filter and transfer Zeek logs to Elastic/OpenSearch+Humio. This app can also output pure JSON logs to stdout for…
  ☆35Updated 2 years ago
• fatemabw / kyd
  DHCP Fingerprinting
  ☆28Updated 4 years ago
• threatrack / cti_report_collection
  Repository collecting and automagically processing public threat intelligence reports.
  ☆18Updated 4 years ago
• bez0r / BeaconBits
  Network timing evaluation used to detect beacons, works with argus flow as the source
  ☆20Updated 8 years ago
• osV22 / ATTACK-Force-Graph
  Generate JSON force-directed/ node graph data from MITRE's ATTACK framework and visualize it interactively
  ☆22Updated 3 years ago
• CiscoCXSecurity / presentations
  Presentations from the CX Security Labs team
  ☆33Updated 5 months ago
• ByteSecLabs / ja3-ja3s-combo
  High fidelity JA3 & JA3S combinations for known botnets and alike
  ☆11Updated 6 years ago
• SamsungLabs / W2E
  This is a project of "Cybersecurity Event Detection with New and Re-emerging Words". (ASIACCS 2020)
  ☆28Updated 11 months ago
• StefanKelm / yara-rules
  Links to malware-related YARA rules
  ☆15Updated 2 years ago
• cyware-labs / Threat-Response-Docker
  ☆42Updated 2 years ago
• micrictor / smbfp
  Zeek package to generate a SMB client fingerprint
  ☆27Updated 4 years ago
• Th1ru-M / Windows-Threat-Hunting
  Hunt for Keywords , Mutex, Windows Event,Registry Keys,Process,Schedule tasks in Windows Machine
  ☆22Updated 3 months ago
• zeek-flowmeter / zeek-flowmeter
  A Zeek script to generate features based on timing, volume and metadata for traffic classification.
  ☆55Updated 4 years ago
• vishal1991 / Network-Forensics
  • Packet capture (PCAP) file analysis to analyze traffic sent by malicious IP address.
  ☆12Updated 10 years ago
• staaldraad / fastfluxanalysis
  Scripts to detect Fast-Flux and DGA using DNS query responses
  ☆42Updated 7 years ago
• precurse / zeek-httpattacks
  This module detects HTTP requests that are non RFC compliant and used for smuggling
  ☆12Updated 2 years ago
• fatihsirin / Tweettioc-Splunk-App
  Tweettioc Splunk App
  ☆20Updated 4 years ago
• cyber-research / APTAttribution
  Code for Benchmarking two ML Approaches performing Authorship Attribution
  ☆35Updated 2 years ago
• satta / gommunityid
  Go implementation of the Community ID flow hashing standard
  ☆20Updated 2 weeks ago