Alternatives and similar repositories for zeek-cheatsheets

Users that are interested in zeek-cheatsheets are comparing it to the libraries listed below

• corelight / threat-hunting-guide

  View on GitHub
  ☆58Mar 4, 2022Updated 3 years ago
• corelight / zeek-long-connections

  View on GitHub
  Zeek package for tracking long connections to report them before they have completed.
  ☆31Nov 25, 2025Updated 2 months ago
• corelight / conn-burst

  View on GitHub
  A Bro package to identify connections that are bursting (lots of data and transferring quickly).
  ☆13Oct 15, 2020Updated 5 years ago
• corelight / log-add-http-post-bodies

  View on GitHub
  Add POST body excerpt to Bro's HTTP log
  ☆14Dec 10, 2025Updated 2 months ago
• activecm / threat-hunting-labs

  View on GitHub
  Collection of walkthroughs on various threat hunting techniques
  ☆76Aug 3, 2020Updated 5 years ago
• zeek / package-manager

  View on GitHub
  A package manager for Zeek
  ☆47Jan 8, 2026Updated last month
• SuperCowPowers / zat

  View on GitHub
  Zeek Analysis Tools (ZAT): Processing and analysis of Zeek network data with Pandas, scikit-learn, Kafka and Spark
  ☆451Jan 16, 2024Updated 2 years ago
• corelight / zeek-community-id

  View on GitHub
  Zeek support for Community ID flow hashing.
  ☆37Jul 11, 2023Updated 2 years ago
• initconf / scan-NG

  View on GitHub
  scan-detection policies for bro
  ☆16Jan 16, 2025Updated last year
• mitre-attack / bzar

  View on GitHub
  A set of Zeek scripts to detect ATT&CK techniques.
  ☆620Jun 26, 2024Updated last year
• corelight / Corelight-Ansible-Roles

  View on GitHub
  Corelight-Ansible-Roles are a collection of Ansible Roles and playbooks that install, configure, run and manage a variety of Corelight, S…
  ☆16Jun 15, 2021Updated 4 years ago
• CyCat-project / cycat-taxonomy

  View on GitHub
  CyCAT.org taxonomies
  ☆15May 22, 2021Updated 4 years ago
• zeek / packages

  View on GitHub
  The default package source of the Zeek Package Manager. Wrote a package? See the README for how to get it included.
  ☆144Jan 29, 2026Updated 2 weeks ago
• sbousseaden / EVTX-ATTACK-SAMPLES

  View on GitHub
  Windows Events Attack Samples
  ☆2,507Jan 24, 2023Updated 3 years ago
• activecm / rita-legacy

  View on GitHub
  Real Intelligence Threat Analytics (RITA) is a framework for detecting command and control communication through network traffic analysis…
  ☆2,514Jan 12, 2026Updated last month
• corelight / community-id-spec

  View on GitHub
  An open standard for hashing network flows into identifiers, a.k.a "Community IDs".
  ☆193Sep 23, 2024Updated last year
• JPCERTCC / SysmonSearch

  View on GitHub
  Investigate suspicious activity by visualizing Sysmon's event log
  ☆431Dec 22, 2023Updated 2 years ago
• OTRF / Security-Datasets

  View on GitHub
  Re-play Security Events
  ☆1,723Mar 20, 2024Updated last year
• tenzir / zeek-tenzir

  View on GitHub
  Enables Zeek to communicate with Tenzir
  ☆11Jul 20, 2023Updated 2 years ago
• olafhartong / sysmon-modular

  View on GitHub
  A repository of sysmon configuration modules
  ☆2,968Aug 21, 2024Updated last year
• tylabs / dovehawk

  View on GitHub
  Dovehawk is a Zeek module that automatically imports MISP indicators and reports Sightings
  ☆122Jul 12, 2021Updated 4 years ago
• rabobank-cdc / DeTTECT

  View on GitHub
  Detect Tactics, Techniques & Combat Threats
  ☆2,263Jan 21, 2026Updated 3 weeks ago
• corelight / zeek2es

  View on GitHub
  A Python application to filter and transfer Zeek logs to Elastic/OpenSearch+Humio. This app can also output pure JSON logs to stdout for…
  ☆38Aug 18, 2022Updated 3 years ago
• JPCERTCC / LogonTracer

  View on GitHub
  Investigate malicious Windows logon by visualizing and analyzing Windows event log
  ☆3,049Oct 19, 2025Updated 3 months ago
• sroberts / sapho

  View on GitHub
  A homebrewed cyber threat intelligence solution
  ☆20Nov 20, 2012Updated 13 years ago
• corelight / json-tcp-lb

  View on GitHub
  line based tcp load balancing proxy.
  ☆14Jun 18, 2024Updated last year
• salesforce / bro-sysmon

  View on GitHub
  How to Zeek Sysmon Logs!
  ☆103Feb 12, 2022Updated 4 years ago
• OTRF / ThreatHunter-Playbook

  View on GitHub
  A community-driven, open-source project to share detection logic, adversary tradecraft and resources to make detection development more e…
  ☆4,475Jan 12, 2026Updated last month
• hosom / bro-phishing

  View on GitHub
  Detect Phishing with Bro IDS
  ☆18Feb 1, 2017Updated 9 years ago
• ThreatHuntingProject / ThreatHunting

  View on GitHub
  An informational repo about hunting for adversaries in your IT environment.
  ☆1,846Nov 17, 2021Updated 4 years ago
• cisagov / Malcolm

  View on GitHub
  Malcolm is a powerful, easily deployable network traffic analysis tool suite for full packet capture artifacts (PCAP files), Zeek logs an…
  ☆2,334Jan 30, 2026Updated 2 weeks ago
• mitre-attack / car

  View on GitHub
  Cyber Analytics Repository
  ☆982May 16, 2025Updated 8 months ago
• activecm / docker-zeek

  View on GitHub
  Run zeek with zeekctl in docker
  ☆62Sep 12, 2024Updated last year
• cyberdefenders / DetectionLabELK

  View on GitHub
  DetectionLabELK is a fork from DetectionLab with ELK stack instead of Splunk.
  ☆573Dec 12, 2021Updated 4 years ago
• clong / DetectionLab

  View on GitHub
  Automate the creation of a lab environment complete with security tooling and logging best practices
  ☆4,901Jul 6, 2024Updated last year
• cyberdefenders / email-header-analyzer

  View on GitHub
  E-Mail Header Analyzer
  ☆697Apr 11, 2023Updated 2 years ago
• dwmetz / CyberPipe

  View on GitHub
  An easy to use PowerShell script to collect memory and disk forensics for DFIR investigations.
  ☆342Dec 3, 2025Updated 2 months ago
• elastic / detection-rules

  View on GitHub
  ☆2,502Updated this week
• Cyb3r-Monk / RITA-J

  View on GitHub
  Implementation of RITA (Real Intelligence Threat Analytics) in Jupyter Notebook with improved scoring algorithm.
  ☆207Jul 21, 2022Updated 3 years ago