A Bro package to identify connections that are bursting (lots of data and transferring quickly).
☆13Oct 15, 2020Updated 5 years ago
Alternatives and similar repositories for conn-burst
Users that are interested in conn-burst are comparing it to the libraries listed below
Sorting:
- Add POST body excerpt to Bro's HTTP log☆14Dec 10, 2025Updated 2 months ago
- Zeek package for tracking long connections to report them before they have completed.☆31Nov 25, 2025Updated 3 months ago
- Zeek package to detect Zerologon☆11Nov 10, 2021Updated 4 years ago
- Zeek plugin to generate data on per-packet sizes and intervals☆14Apr 21, 2020Updated 5 years ago
- brocon-15 scripts☆13Apr 3, 2017Updated 8 years ago
- python SDK for CIFv2☆13Nov 5, 2019Updated 6 years ago
- Plugin providing native AF_Packet support for Zeek.☆33Oct 22, 2025Updated 4 months ago
- Zeek support for Community ID flow hashing.☆36Jul 11, 2023Updated 2 years ago
- ☆24Mar 29, 2020Updated 5 years ago
- INACTIVE - http://mzl.la/ghe-archive - Zeek Extreme Performance Tuning☆26Oct 10, 2019Updated 6 years ago
- Bro IDS + ELK Stack to detect and block data exfiltration☆46Oct 31, 2018Updated 7 years ago
- Enables Zeek to communicate with Tenzir☆11Jul 20, 2023Updated 2 years ago
- Extensions for Zeek's Intelligence Framework.☆11Mar 1, 2022Updated 4 years ago
- Zeek package to create JSON formatted logs to stream into data analysis systems.☆30Dec 3, 2025Updated 3 months ago
- A Zeek package that detects Zoom logins and meeting joins☆12Apr 15, 2020Updated 5 years ago
- Threat Intelligence distribution☆31Dec 30, 2015Updated 10 years ago
- Materials for the BSides NoVA/Charleston 2018 Bro Workshop☆14Jun 4, 2025Updated 9 months ago
- A Zeek package for the passive detection of "Ripple20" vulnerabilities in the Treck TCP/IP stack.☆33Jun 29, 2022Updated 3 years ago
- Mapping Corelight or Zeek data to Elastic Common Schema fields☆33Nov 3, 2025Updated 4 months ago
- brostash: Linux distribution based on Debian and focusing on network security events collection☆33Aug 30, 2020Updated 5 years ago
- scan-detection policies for bro☆16Jan 16, 2025Updated last year
- CyCAT.org taxonomies☆15May 22, 2021Updated 4 years ago
- Utility for parsing Bro log files into CSV or JSON format☆41Jan 12, 2023Updated 3 years ago
- Sniffpass will alert on cleartext passwords discovered in HTTP POST requests☆17Oct 30, 2023Updated 2 years ago
- Bro IDS programs collection.☆146Oct 16, 2019Updated 6 years ago
- ☆18Dec 20, 2024Updated last year
- A package manager for Zeek☆47Jan 8, 2026Updated last month
- This repository contains sample log data that were collected after running adversary simulations in Microsoft 365☆24Oct 9, 2024Updated last year
- Plugin providing AF_XDP support for Bro.☆14May 10, 2021Updated 4 years ago
- Dovehawk is a Zeek module that automatically imports MISP indicators and reports Sightings☆122Jul 12, 2021Updated 4 years ago
- ☆21Oct 16, 2021Updated 4 years ago
- Detect Phishing with Bro IDS☆18Feb 1, 2017Updated 9 years ago
- Extracting and analyzing URLs from Emails for phishing events☆21Oct 22, 2020Updated 5 years ago
- Kerberos Haters Guide to Zeek Threat Hunting☆35Oct 14, 2021Updated 4 years ago
- No elephant flows - flow shunting for Arista switches using EOS API☆27Apr 27, 2021Updated 4 years ago
- Zeek network security monitor plugin that enables parsing of the Tabular Data Stream (TDS) protocol☆25May 30, 2024Updated last year
- Bro-IDS scripts☆50Sep 12, 2016Updated 9 years ago
- Validate if afpacket PACKET_FANOUT_HASH is working properly☆25May 19, 2022Updated 3 years ago
- Logstash configuration files for analyzing various types of logs☆25Dec 9, 2016Updated 9 years ago