Alternatives and similar repositories for zeek-sniffpass

Users that are interested in zeek-sniffpass are comparing it to the libraries listed below

• corelight / top-dns
  Top DNS Measurement for Bro
  ☆11Updated 4 years ago
• weslambert / securityonion-strelka
  ☆13Updated 5 years ago
• corelight / cve-2021-44228
  Log4j Exploit Detection Logic for Zeek
  ☆19Updated last year
• precurse / zeek-httpattacks
  This module detects HTTP requests that are non RFC compliant and used for smuggling
  ☆12Updated 2 years ago
• theparanoids / rdfp
  Remote Desktop Client Fingerprint script for Zeek. Based off of https://github.com/0x4D31/fatt
  ☆39Updated last year
• initconf / scan-NG
  scan-detection policies for bro
  ☆16Updated 4 months ago
• MISP / intelligence-icons
  intelligence-icons is a collection of icons and diagrams for building training and marketing materials around Intelligence sharing; inclu…
  ☆40Updated 6 years ago
• binorassocies / brostash
  brostash: Linux distribution based on Debian and focusing on network security events collection
  ☆34Updated 4 years ago
• jordisk / TheHive2Sigma
  Python script to automatically create sigma rules from The hive observables
  ☆25Updated 6 years ago
• corelight / log-add-http-post-bodies
  Add POST body excerpt to Bro's HTTP log
  ☆14Updated last year
• micrictor / spl-spt
  Zeek plugin to generate data on per-packet sizes and intervals
  ☆14Updated 5 years ago
• Benster900 / ThreatWaffle
  Threat hunting repo for my independent study on threat hunting with OSQuery
  ☆27Updated 7 years ago
• Cyb3rWard0g / presentations
  Presentation Slides and Video links
  ☆32Updated 3 years ago
• StamusNetworks / surimisp
  Check IOC provided by a MISP instance on Suricata events
  ☆17Updated 6 years ago
• corelight / detect-ransomware-filenames
  ☆16Updated 5 months ago
• ncsa / bro-simple-scan
  ☆14Updated last year
• tenzir / zeek-tenzir
  Enables Zeek to communicate with Tenzir
  ☆11Updated last year
• B0fH / yara-suricata
  A Yara Lua output script for Suricata
  ☆20Updated 6 years ago
• corelight / conn-burst
  A Bro package to identify connections that are bursting (lots of data and transferring quickly).
  ☆13Updated 4 years ago
• gcrahay / otx_misp
  Imports Alienvault OTX pulses to a MISP instance
  ☆52Updated 3 years ago
• corelight / zeek2es
  A Python application to filter and transfer Zeek logs to Elastic/OpenSearch+Humio. This app can also output pure JSON logs to stdout for…
  ☆35Updated 2 years ago
• MISP / misp-packer
  Build Automated Machine Images for MISP
  ☆28Updated last year
• Security-Onion-Solutions / securityonion-docker-hh
  ☆20Updated 5 years ago
• MISP / misp-vagrant
  Deploy MISP Project software with Vagrant.
  ☆43Updated 4 years ago
• mohlcyber / MISP-STIX-ESM
  Exports MISP events to STIX and ingest into McAfee ESM
  ☆15Updated 5 years ago
• corelight / zeek-community-id
  Zeek support for Community ID flow hashing.
  ☆35Updated last year
• 0xtf / testmynids.org
  A website and framework for testing NIDS detection
  ☆57Updated 3 years ago
• alias454 / graylog-zeek-content-pack
  BRO/Zeek IDS content pack contains pipeline rules, a stream, a dashboard displaying interesting activity, and a syslog tcp input to captu…
  ☆19Updated 5 years ago
• ncsa / bro-doctor
  ☆23Updated 5 years ago
• spitfire55 / MegaDev
  Bro IDS + ELK Stack to detect and block data exfiltration
  ☆46Updated 6 years ago