corelight / got_zoom
A Zeek package that detects Zoom logins and meeting joins
☆12Updated 5 years ago
Alternatives and similar repositories for got_zoom:
Users that are interested in got_zoom are comparing it to the libraries listed below
- Zeek plugin to generate data on per-packet sizes and intervals☆14Updated 5 years ago
- Remote Desktop Client Fingerprint script for Zeek. Based off of https://github.com/0x4D31/fatt☆39Updated last year
- Zeek support for Community ID flow hashing.☆35Updated last year
- CyCAT.org API back-end server including crawlers☆29Updated 2 years ago
- CyCAT.org taxonomies☆14Updated 3 years ago
- ☆15Updated 7 years ago
- Actionable analytics designed to combat threats based on MITRE's ATT&CK.☆22Updated 5 years ago
- Exports MISP events to STIX and ingest into McAfee ESM☆15Updated 5 years ago
- An elevated STIX representation of the MITRE ATT&CK Groups knowledge base☆23Updated 2 years ago
- Log4j Exploit Detection Logic for Zeek☆19Updated 11 months ago
- Zeek package to generate a SMB client fingerprint☆27Updated 4 years ago
- Tools related to work with Attack Flow (https://github.com/center-for-threat-informed-defense/attack-flow)☆44Updated 2 years ago
- A Python application to filter and transfer Zeek logs to Elastic/OpenSearch+Humio. This app can also output pure JSON logs to stdout for…☆35Updated 2 years ago
- Specifications used in the MISP project including MISP core format☆51Updated 3 months ago
- ☆12Updated 5 years ago
- Web app that provides basic navigation and annotation of ATT&CK matrices☆16Updated 4 years ago
- A few quick recipes for those that do not have much time during the day☆22Updated 5 months ago
- ☆13Updated 3 years ago
- ☆34Updated 4 years ago
- A script to create and assign SOP tasks into the cases☆19Updated 4 years ago
- OpenDXL Broker is an open source version of a Data Exchange Layer (DXL) broker☆14Updated last year
- Firepit - STIX Columnar Storage☆16Updated 10 months ago
- Utilizing your Threat data from a MISP instance into CarbonBlack Response by exposing the data in the Threat Intelligence Feed.☆19Updated 2 years ago
- ☆20Updated 4 years ago
- ☆33Updated 3 years ago
- Transform EQL detection rules to VQL artifacts☆11Updated 3 years ago
- Zeek Extension to Collect Metadata for Profiling of Endpoints and Proxies☆31Updated last year
- Recon Hunt Queries☆77Updated 3 years ago
- Create dataset for suricata with indicators of MISP instances and add sightings in MISP if an indicator of dataset generates an alert☆36Updated 2 years ago
- Zeek package to detect Zerologon☆11Updated 3 years ago