corelight / got_zoomLinks
A Zeek package that detects Zoom logins and meeting joins
☆12Updated 5 years ago
Alternatives and similar repositories for got_zoom
Users that are interested in got_zoom are comparing it to the libraries listed below
Sorting:
- Zeek plugin to generate data on per-packet sizes and intervals☆14Updated 5 years ago
- Zeek support for Community ID flow hashing.☆35Updated last year
- Remote Desktop Client Fingerprint script for Zeek. Based off of https://github.com/0x4D31/fatt☆39Updated last year
- ☆13Updated 3 years ago
- CyCAT.org taxonomies☆15Updated 4 years ago
- CyCAT.org API back-end server including crawlers☆29Updated 2 years ago
- Log4j Exploit Detection Logic for Zeek☆19Updated last year
- Zeek package to generate a SMB client fingerprint☆27Updated 5 years ago
- Specifications used in the MISP project including MISP core format☆51Updated 5 months ago
- Mapping Corelight or Zeek data to Elastic Common Schema fields☆34Updated last month
- Actionable analytics designed to combat threats based on MITRE's ATT&CK.☆22Updated 5 years ago
- Firepit - STIX Columnar Storage☆16Updated last year
- A script to create and assign SOP tasks into the cases☆19Updated 4 years ago
- pocket guide for core threat hunting concepts☆23Updated 5 years ago
- Transform EQL detection rules to VQL artifacts☆11Updated 3 years ago
- An elevated STIX representation of the MITRE ATT&CK Groups knowledge base☆23Updated 3 years ago
- A Python application to filter and transfer Zeek logs to Elastic/OpenSearch+Humio. This app can also output pure JSON logs to stdout for…☆35Updated 2 years ago
- ☆18Updated 3 years ago
- Utility for parsing Bro log files into CSV or JSON format☆41Updated 2 years ago
- Utilizing your Threat data from a MISP instance into CarbonBlack Response by exposing the data in the Threat Intelligence Feed.☆19Updated 3 years ago
- Zeek package to detect Zerologon☆11Updated 3 years ago
- A Bro package to identify connections that are bursting (lots of data and transferring quickly).☆13Updated 4 years ago
- A website and framework for testing NIDS detection☆57Updated 3 years ago
- Rapid cybersecurity toolkit based on Elastic in Docker. Designed to quickly build elastic-based environments to analyze and execute threa…☆18Updated 5 years ago
- Zeek package for tracking long connections to report them before they have completed.☆30Updated 4 months ago
- Create dataset for suricata with indicators of MISP instances and add sightings in MISP if an indicator of dataset generates an alert☆36Updated 2 years ago
- ☆15Updated 7 years ago
- Enables Zeek to communicate with Tenzir☆11Updated last year
- Exports MISP events to STIX and ingest into McAfee ESM☆15Updated 5 years ago
- A Spicy protocol analyzer for WireGuard☆29Updated 4 years ago