Zeek Log Cheatsheets
☆304Aug 12, 2025Updated 7 months ago
Alternatives and similar repositories for zeek-cheatsheets
Users that are interested in zeek-cheatsheets are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- ☆58Mar 4, 2022Updated 4 years ago
- Zeek package for tracking long connections to report them before they have completed.☆31Nov 25, 2025Updated 4 months ago
- A package manager for Zeek☆47Mar 5, 2026Updated 3 weeks ago
- A Bro package to identify connections that are bursting (lots of data and transferring quickly).☆13Oct 15, 2020Updated 5 years ago
- Enables Zeek to communicate with Tenzir☆11Jul 20, 2023Updated 2 years ago
- Wordpress hosting with auto-scaling on Cloudways • AdFully Managed hosting built for WordPress-powered businesses that need reliable, auto-scalable hosting. Cloudways SafeUpdates now available.
- Zeek support for Community ID flow hashing.☆36Jul 11, 2023Updated 2 years ago
- Collection of walkthroughs on various threat hunting techniques☆76Aug 3, 2020Updated 5 years ago
- Zeek Analysis Tools (ZAT): Processing and analysis of Zeek network data with Pandas, scikit-learn, Kafka and Spark☆451Mar 19, 2026Updated last week
- ☆16Feb 13, 2020Updated 6 years ago
- Add POST body excerpt to Bro's HTTP log☆14Dec 10, 2025Updated 3 months ago
- A Zeek package for the passive detection of "Ripple20" vulnerabilities in the Treck TCP/IP stack.☆33Jun 29, 2022Updated 3 years ago
- Corelight-Ansible-Roles are a collection of Ansible Roles and playbooks that install, configure, run and manage a variety of Corelight, S…☆16Jun 15, 2021Updated 4 years ago
- line based tcp load balancing proxy.☆14Jun 18, 2024Updated last year
- scan-detection policies for bro☆16Jan 16, 2025Updated last year
- End-to-end encrypted email - Proton Mail • AdSpecial offer: 40% Off Yearly / 80% Off First Month. All Proton services are open source and independently audited for security.
- Windows Events Attack Samples☆2,531Jan 24, 2023Updated 3 years ago
- The default package source of the Zeek Package Manager. Wrote a package? See the README for how to get it included.☆143Updated this week
- ☆24Mar 29, 2020Updated 6 years ago
- An open standard for hashing network flows into identifiers, a.k.a "Community IDs".☆194Sep 23, 2024Updated last year
- A set of Zeek scripts to detect ATT&CK techniques.☆622Jun 26, 2024Updated last year
- Real Intelligence Threat Analytics (RITA) is a framework for detecting command and control communication through network traffic analysis…☆2,515Jan 12, 2026Updated 2 months ago
- A community-driven, open-source project to share detection logic, adversary tradecraft and resources to make detection development more e…☆4,508Jan 12, 2026Updated 2 months ago
- JoeSandbox-Bro is a simple bro script which extracts files from your internet connection and analyzes them automatically on Joe Sandbox☆44Jun 6, 2019Updated 6 years ago
- CyCAT.org taxonomies☆15May 22, 2021Updated 4 years ago
- Wordpress hosting with auto-scaling on Cloudways • AdFully Managed hosting built for WordPress-powered businesses that need reliable, auto-scalable hosting. Cloudways SafeUpdates now available.
- A repository of sysmon configuration modules☆2,996Aug 21, 2024Updated last year
- A homebrewed cyber threat intelligence solution☆20Nov 20, 2012Updated 13 years ago
- Create a MS Word index file from PowerPoint notes and slides☆46Sep 6, 2025Updated 6 months ago
- E-Mail Header Analyzer☆696Apr 11, 2023Updated 2 years ago
- Detect Phishing with Bro IDS☆18Feb 1, 2017Updated 9 years ago
- How to Zeek Sysmon Logs!☆103Feb 12, 2022Updated 4 years ago
- Snort_rules detection bad actors.☆29Aug 18, 2024Updated last year
- Investigate malicious Windows logon by visualizing and analyzing Windows event log☆3,141Oct 19, 2025Updated 5 months ago
- A Python application to filter and transfer Zeek logs to Elastic/OpenSearch+Humio. This app can also output pure JSON logs to stdout for…☆39Aug 18, 2022Updated 3 years ago
- DigitalOcean Gradient AI Platform • AdBuild production-ready AI agents using customizable tools or access multiple LLMs through a single endpoint. Create custom knowledge bases or connect external data.
- Main Sigma Rule Repository☆10,224Mar 19, 2026Updated last week
- Bro/Zeek integration with osquery☆93Nov 2, 2020Updated 5 years ago
- Bro IDS + ELK Stack to detect and block data exfiltration☆46Oct 31, 2018Updated 7 years ago
- Re-play Security Events☆1,729Mar 20, 2024Updated 2 years ago
- Malcolm is a powerful, easily deployable network traffic analysis tool suite for full packet capture artifacts (PCAP files), Zeek logs an…☆2,369Updated this week
- DetectionLabELK is a fork from DetectionLab with ELK stack instead of Splunk.☆573Dec 12, 2021Updated 4 years ago
- Detect Tactics, Techniques & Combat Threats☆2,270Jan 21, 2026Updated 2 months ago