Zeek Log Cheatsheets
☆305Aug 12, 2025Updated 8 months ago
Alternatives and similar repositories for zeek-cheatsheets
Users that are interested in zeek-cheatsheets are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- ☆58Mar 4, 2022Updated 4 years ago
- Zeek package for tracking long connections to report them before they have completed.☆31Nov 25, 2025Updated 5 months ago
- A package manager for Zeek☆47Mar 5, 2026Updated 2 months ago
- A Bro package to identify connections that are bursting (lots of data and transferring quickly).☆13Oct 15, 2020Updated 5 years ago
- Enables Zeek to communicate with Tenzir☆11Jul 20, 2023Updated 2 years ago
- Deploy on Railway without the complexity - Free Credits Offer • AdConnect your repo and Railway handles the rest with instant previews. Quickly provision container image services, databases, and storage volumes.
- Zeek support for Community ID flow hashing.☆37Jul 11, 2023Updated 2 years ago
- Collection of walkthroughs on various threat hunting techniques☆77Aug 3, 2020Updated 5 years ago
- Zeek Analysis Tools (ZAT): Processing and analysis of Zeek network data with Pandas, scikit-learn, Kafka and Spark☆456Mar 19, 2026Updated last month
- ☆16Feb 13, 2020Updated 6 years ago
- Add POST body excerpt to Bro's HTTP log☆14Dec 10, 2025Updated 5 months ago
- A Zeek package for the passive detection of "Ripple20" vulnerabilities in the Treck TCP/IP stack.☆32Jun 29, 2022Updated 3 years ago
- Corelight-Ansible-Roles are a collection of Ansible Roles and playbooks that install, configure, run and manage a variety of Corelight, S…☆16Jun 15, 2021Updated 4 years ago
- line based tcp load balancing proxy.☆14Jun 18, 2024Updated last year
- scan-detection policies for bro☆16Jan 16, 2025Updated last year
- Managed Kubernetes at scale on DigitalOcean • AdDigitalOcean Kubernetes includes the control plane, bandwidth allowance, container registry, automatic updates, and more for free.
- Windows Events Attack Samples☆2,554Jan 24, 2023Updated 3 years ago
- The default package source of the Zeek Package Manager. Wrote a package? See the README for how to get it included.☆143Updated this week
- ☆24Mar 29, 2020Updated 6 years ago
- An open standard for hashing network flows into identifiers, a.k.a "Community IDs".☆196Sep 23, 2024Updated last year
- A set of Zeek scripts to detect ATT&CK techniques.☆621Jun 26, 2024Updated last year
- Real Intelligence Threat Analytics (RITA) is a framework for detecting command and control communication through network traffic analysis…☆2,510Jan 12, 2026Updated 3 months ago
- A community-driven, open-source project to share detection logic, adversary tradecraft and resources to make detection development more e…☆4,544Jan 12, 2026Updated 3 months ago
- JoeSandbox-Bro is a simple bro script which extracts files from your internet connection and analyzes them automatically on Joe Sandbox☆44Jun 6, 2019Updated 6 years ago
- CyCAT.org taxonomies☆15May 22, 2021Updated 4 years ago
- Simple, predictable pricing with DigitalOcean hosting • AdAlways know what you'll pay with monthly caps and flat pricing. Enterprise-grade infrastructure trusted by 600k+ customers.
- A repository of sysmon configuration modules☆3,031Aug 21, 2024Updated last year
- A homebrewed cyber threat intelligence solution☆20Nov 20, 2012Updated 13 years ago
- Create a MS Word index file from PowerPoint notes and slides☆46Sep 6, 2025Updated 8 months ago
- E-Mail Header Analyzer☆695Apr 11, 2023Updated 3 years ago
- Detect Phishing with Bro IDS☆18Feb 1, 2017Updated 9 years ago
- How to Zeek Sysmon Logs!☆102Feb 12, 2022Updated 4 years ago
- Snort_rules detection bad actors.☆29Aug 18, 2024Updated last year
- Investigate malicious Windows logon by visualizing and analyzing Windows event log☆3,174Apr 22, 2026Updated 2 weeks ago
- A Python application to filter and transfer Zeek logs to Elastic/OpenSearch+Humio. This app can also output pure JSON logs to stdout for…☆39Aug 18, 2022Updated 3 years ago
- Deploy on Railway without the complexity - Free Credits Offer • AdConnect your repo and Railway handles the rest with instant previews. Quickly provision container image services, databases, and storage volumes.
- Bro/Zeek integration with osquery☆94Nov 2, 2020Updated 5 years ago
- Main Sigma Rule Repository☆10,386May 1, 2026Updated last week
- Bro IDS + ELK Stack to detect and block data exfiltration☆46Oct 31, 2018Updated 7 years ago
- Re-play Security Events☆1,746Mar 20, 2024Updated 2 years ago
- DetectionLabELK is a fork from DetectionLab with ELK stack instead of Splunk.☆573Dec 12, 2021Updated 4 years ago
- Malcolm is a powerful, easily deployable network traffic analysis tool suite for full packet capture artifacts (PCAP files), Zeek logs an…☆2,402Updated this week
- Detect Tactics, Techniques & Combat Threats☆2,287Apr 29, 2026Updated last week