Zeek Log Cheatsheets
☆306Aug 12, 2025Updated 10 months ago
Alternatives and similar repositories for zeek-cheatsheets
Users that are interested in zeek-cheatsheets are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- ☆59Mar 4, 2022Updated 4 years ago
- Zeek package for tracking long connections to report them before they have completed.☆31Nov 25, 2025Updated 7 months ago
- A package manager for Zeek☆47Updated this week
- A Bro package to identify connections that are bursting (lots of data and transferring quickly).☆13Oct 15, 2020Updated 5 years ago
- Enables Zeek to communicate with Tenzir☆11Jul 20, 2023Updated 2 years ago
- Proton VPN Special Offer - Get 70% off • AdSpecial partner offer. Trusted by over 100 million users worldwide. Tested, Approved and Recommended by Experts.
- Zeek support for Community ID flow hashing.☆37Jul 11, 2023Updated 2 years ago
- Collection of walkthroughs on various threat hunting techniques☆78Aug 3, 2020Updated 5 years ago
- Zeek Analysis Tools (ZAT): Processing and analysis of Zeek network data with Pandas, scikit-learn, Kafka and Spark☆456Jun 1, 2026Updated 3 weeks ago
- ☆16Feb 13, 2020Updated 6 years ago
- Add POST body excerpt to Bro's HTTP log☆14Dec 10, 2025Updated 6 months ago
- A Zeek package for the passive detection of "Ripple20" vulnerabilities in the Treck TCP/IP stack.☆32Jun 29, 2022Updated 3 years ago
- Corelight-Ansible-Roles are a collection of Ansible Roles and playbooks that install, configure, run and manage a variety of Corelight, S…☆16Jun 15, 2021Updated 5 years ago
- line based tcp load balancing proxy.☆14Jun 18, 2024Updated 2 years ago
- scan-detection policies for bro☆16Jan 16, 2025Updated last year
- 1-Click AI Models by DigitalOcean Gradient • AdDeploy popular AI models on DigitalOcean Gradient GPU virtual machines with just a single click. Zero configuration with optimized deployments.
- Windows Events Attack Samples☆2,580Jan 24, 2023Updated 3 years ago
- The default package source of the Zeek Package Manager. Wrote a package? See the README for how to get it included.☆144Jun 11, 2026Updated 2 weeks ago
- ☆24Mar 29, 2020Updated 6 years ago
- An open standard for hashing network flows into identifiers, a.k.a "Community IDs".☆197Sep 23, 2024Updated last year
- A set of Zeek scripts to detect ATT&CK techniques.☆624Jun 26, 2024Updated 2 years ago
- Real Intelligence Threat Analytics (RITA) is a framework for detecting command and control communication through network traffic analysis…☆2,507Jan 12, 2026Updated 5 months ago
- A community-driven, open-source project to share detection logic, adversary tradecraft and resources to make detection development more e…☆4,592Jan 12, 2026Updated 5 months ago
- JoeSandbox-Bro is a simple bro script which extracts files from your internet connection and analyzes them automatically on Joe Sandbox☆44Jun 6, 2019Updated 7 years ago
- CyCAT.org taxonomies☆15May 22, 2021Updated 5 years ago
- Bare Metal GPUs on DigitalOcean Gradient AI • AdPurpose-built for serious AI teams training foundational models, running large-scale inference, and pushing the boundaries of what's possible.
- A repository of sysmon configuration modules☆3,062Aug 21, 2024Updated last year
- A homebrewed cyber threat intelligence solution☆20Nov 20, 2012Updated 13 years ago
- Create a MS Word index file from PowerPoint notes and slides☆46Sep 6, 2025Updated 9 months ago
- E-Mail Header Analyzer☆695Apr 11, 2023Updated 3 years ago
- Detect Phishing with Bro IDS☆18Feb 1, 2017Updated 9 years ago
- How to Zeek Sysmon Logs!☆102Feb 12, 2022Updated 4 years ago
- Snort_rules detection bad actors.☆29Aug 18, 2024Updated last year
- Investigate malicious Windows logon by visualizing and analyzing Windows event log☆3,187Apr 22, 2026Updated 2 months ago
- A Python application to filter and transfer Zeek logs to Elastic/OpenSearch+Humio. This app can also output pure JSON logs to stdout for…☆40Aug 18, 2022Updated 3 years ago
- Deploy on Railway without the complexity - Free Credits Offer • AdConnect your repo and Railway handles the rest with instant previews. Quickly provision container image services, databases, and storage volumes.
- Bro/Zeek integration with osquery☆94Nov 2, 2020Updated 5 years ago
- Main Sigma Rule Repository☆10,624Jun 19, 2026Updated last week
- Bro IDS + ELK Stack to detect and block data exfiltration☆46Oct 31, 2018Updated 7 years ago
- Re-play Security Events☆1,773Mar 20, 2024Updated 2 years ago
- DetectionLabELK is a fork from DetectionLab with ELK stack instead of Splunk.☆573Dec 12, 2021Updated 4 years ago
- Malcolm is a powerful, easily deployable network traffic analysis tool suite for full packet capture artifacts (PCAP files), Zeek logs an…☆2,443Jun 17, 2026Updated last week
- Detect Tactics, Techniques & Combat Threats☆2,303Jun 2, 2026Updated 3 weeks ago