Convert pcap files into richly-typed ZNG summary logs (Zeek, Suricata, and more)
☆92Apr 25, 2025Updated 10 months ago
Alternatives and similar repositories for brimcap
Users that are interested in brimcap are comparing it to the libraries listed below
Sorting:
- Releases for the Zui Insiders app.☆22Feb 17, 2025Updated last year
- Zui is a powerful desktop application for exploring and working with data. The official front-end to the Zed lake.☆1,931Feb 3, 2026Updated last month
- A simple way of detecting multithreaded exfiltration in Zeek.☆15May 1, 2025Updated 10 months ago
- Growing collection of Spicy-based protocol and file analyzers for Zeek☆32Sep 16, 2024Updated last year
- A Python application to filter and transfer Zeek logs to Elastic/OpenSearch+Humio. This app can also output pure JSON logs to stdout for…☆39Aug 18, 2022Updated 3 years ago
- Steve McCanne's Sharkfest '21 Talk☆16Oct 12, 2021Updated 4 years ago
- Bro analyzer that detects Google's QUIC protocol☆10Mar 2, 2021Updated 5 years ago
- Corelight-Ansible-Roles are a collection of Ansible Roles and playbooks that install, configure, run and manage a variety of Corelight, S…☆16Jun 15, 2021Updated 4 years ago
- A Postfix filter which takes a piped message and submits it to Cuckoo Sandbox☆11Apr 3, 2016Updated 9 years ago
- SACTI - Securely aggregate CTI sightings and report them on MISP☆14Oct 24, 2022Updated 3 years ago
- A Zeek Network Security Monitor tutorial that will cover the basics of creating a Zeek instance on your network in addition to all of the…☆62Nov 26, 2025Updated 3 months ago
- Remote Desktop Client Fingerprint script for Zeek. Based off of https://github.com/0x4D31/fatt☆40Jun 20, 2023Updated 2 years ago
- ssdeep cluster analysis for malware files☆31Jun 5, 2020Updated 5 years ago
- An open standard for hashing network flows into identifiers, a.k.a "Community IDs".☆194Sep 23, 2024Updated last year
- lnk_parser is a full rust implementation to parse windows LNK files☆23Feb 17, 2026Updated last month
- Plugin for Zeek/Bro which provides http2 decoder/analyzer☆30Jun 11, 2024Updated last year
- Zeek IDS Dockerfile☆101Dec 5, 2022Updated 3 years ago
- Parse Suricata rules☆14Aug 1, 2023Updated 2 years ago
- Reviews and tests of security products☆17Dec 28, 2024Updated last year
- ☆58Mar 4, 2022Updated 4 years ago
- Zeek network security monitor plugin that enables parsing of the Tabular Data Stream (TDS) protocol☆25May 30, 2024Updated last year
- Corelight@Home script☆46Oct 5, 2023Updated 2 years ago
- fast, extensible, versatile event router for Suricata's EVE-JSON format☆57Nov 20, 2025Updated 4 months ago
- Useful resources for Zeek(https://zeek.org/) (Bro(http://bro.org/))☆30Apr 17, 2020Updated 5 years ago
- Microsoft 365 Defender Hunting via PowerShell.☆14Feb 8, 2022Updated 4 years ago
- Zeek-Formatted Threat Intelligence Feeds☆390Updated this week
- All my POC related to malware development☆15Feb 19, 2026Updated last month
- Go implementation of the Community ID flow hashing standard☆22Apr 17, 2025Updated 11 months ago
- Practical Information Sharing between Law Enforcement and CSIRT communities using MISP☆35Sep 18, 2023Updated 2 years ago
- HASSH is a network fingerprinting standard which can be used to identify specific Client and Server SSH implementations. The fingerprints…☆546May 1, 2025Updated 10 months ago
- Zeek Analysis Tools (ZAT): Processing and analysis of Zeek network data with Pandas, scikit-learn, Kafka and Spark☆451Jan 16, 2024Updated 2 years ago
- ☆17Oct 26, 2021Updated 4 years ago
- Presentation Slides and Resources☆16Jun 12, 2024Updated last year
- A Zeek plugin to POST logs over HTTP.☆13Feb 10, 2020Updated 6 years ago
- Zeek package to generate a SMB client fingerprint☆27May 5, 2020Updated 5 years ago
- suricata rules to pcap☆10Mar 25, 2021Updated 4 years ago
- A Python implementation of the Community ID flow hashing standard☆23Nov 29, 2023Updated 2 years ago
- Resources I've found useful for my CTI work☆12Dec 27, 2023Updated 2 years ago
- Enables Zeek to communicate with Tenzir☆11Jul 20, 2023Updated 2 years ago