salesforce/multithreaded-exfil-detection external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

salesforce/multithreaded-exfil-detection

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/salesforce/multithreaded-exfil-detection)

Close

salesforce / multithreaded-exfil-detectionView on GitHubMore

• External links
• Readme badge

A simple way of detecting multithreaded exfiltration in Zeek.

☆15May 1, 2025Updated 10 months ago

Alternatives and similar repositories for multithreaded-exfil-detection

Users that are interested in multithreaded-exfil-detection are comparing it to the libraries listed below

• zeek / spicy-analyzers

  View on GitHub
  Growing collection of Spicy-based protocol and file analyzers for Zeek
  ☆32Sep 16, 2024Updated last year
• corelight / zeek2es

  View on GitHub
  A Python application to filter and transfer Zeek logs to Elastic/OpenSearch+Humio. This app can also output pure JSON logs to stdout for…
  ☆39Aug 18, 2022Updated 3 years ago
• tenzir / dockerized-zeek

  View on GitHub
  Dockerized Zeek
  ☆12Mar 9, 2024Updated last year
• corelight / zeek-long-connections

  View on GitHub
  Zeek package for tracking long connections to report them before they have completed.
  ☆31Nov 25, 2025Updated 3 months ago
• corelight / zerologon

  View on GitHub
  Zeek package to detect Zerologon
  ☆11Nov 10, 2021Updated 4 years ago
• cmcmsec / suricata_open

  View on GitHub
  ☆13Feb 25, 2021Updated 5 years ago
• precurse / zeek-httpattacks

  View on GitHub
  This module detects HTTP requests that are non RFC compliant and used for smuggling
  ☆12Mar 16, 2023Updated 2 years ago
• theparanoids / spicy-noise

  View on GitHub
  A Spicy protocol analyzer for WireGuard
  ☆29Aug 11, 2020Updated 5 years ago
• DCSO / Blog_CyTec

  View on GitHub
  Repository to provide files related to our blog articles.
  ☆16May 26, 2025Updated 9 months ago
• corelight / log-add-http-post-bodies

  View on GitHub
  Add POST body excerpt to Bro's HTTP log
  ☆14Dec 10, 2025Updated 2 months ago
• elastic / siglearn

  View on GitHub
  Code for BH21 talk: "Generating YARA Rules by Classifying Malicious Byte Sequences"
  ☆17Feb 6, 2025Updated last year
• j91321 / ansible-role-auditbeat

  View on GitHub
  Ansible role to install auditbeat for security monitoring. (Ruleset included)
  ☆15Nov 16, 2023Updated 2 years ago
• satta / gommunityid

  View on GitHub
  Go implementation of the Community ID flow hashing standard
  ☆21Apr 17, 2025Updated 10 months ago
• zeek / zeek-af_packet-plugin

  View on GitHub
  Plugin providing native AF_Packet support for Zeek.
  ☆33Oct 22, 2025Updated 4 months ago
• theparanoids / rdfp

  View on GitHub
  Remote Desktop Client Fingerprint script for Zeek. Based off of https://github.com/0x4D31/fatt
  ☆40Jun 20, 2023Updated 2 years ago
• cybera / zeek-sniffpass

  View on GitHub
  Sniffpass will alert on cleartext passwords discovered in HTTP POST requests
  ☆17Oct 30, 2023Updated 2 years ago
• corelight / detect-ransomware-filenames

  View on GitHub
  ☆18Dec 20, 2024Updated last year
• sud0woodo / Urgent11-Suricata-LUA-scripts

  View on GitHub
  Suricata LUA scripts to detect CVE-2019-12255, CVE-2019-12256, CVE-2019-12258, and CVE-2019-12260
  ☆19Nov 28, 2019Updated 6 years ago
• 0xl3x1 / zeek-EternalSafety

  View on GitHub
  Zeek package for detecting the Eternal* exploits and a set of SMBv1 protocol violations.
  ☆19Aug 21, 2025Updated 6 months ago
• HKcyberstark / TI_Mod

  View on GitHub
  Threat Intelligence with Elastic - Minemeld integration with Elasticsearch
  ☆19May 11, 2021Updated 4 years ago
• amzn / zeek-plugin-enip

  View on GitHub
  Zeek network security monitor plugin that enables parsing of the Ethernet/IP and Common Industrial Protocol standards
  ☆46May 30, 2024Updated last year
• corelight / CVE-2021-42292

  View on GitHub
  A Zeek package to detect CVE-2021-42292, a Microsoft Excel local privilege escalation exploit.
  ☆18Nov 11, 2021Updated 4 years ago
• brimdata / brimcap

  View on GitHub
  Convert pcap files into richly-typed ZNG summary logs (Zeek, Suricata, and more)
  ☆92Apr 25, 2025Updated 10 months ago
• brimdata / zui-insiders

  View on GitHub
  Releases for the Zui Insiders app.
  ☆22Feb 17, 2025Updated last year
• nickvsnetworking / Scratch-n-Sniff

  View on GitHub
  Remote packet Sniffer that encapsulates captured packets into TZSP and copies them to a remote IP
  ☆21Nov 19, 2025Updated 3 months ago
• amzn / zeek-plugin-tds

  View on GitHub
  Zeek network security monitor plugin that enables parsing of the Tabular Data Stream (TDS) protocol
  ☆25May 30, 2024Updated last year
• JustinAzoff / can-i-use-afpacket-fanout

  View on GitHub
  Validate if afpacket PACKET_FANOUT_HASH is working properly
  ☆25May 19, 2022Updated 3 years ago
• HKcyberstark / wazuh-ecs

  View on GitHub
  Parse wazuh[HIDS] alerts into ECS mapping using Filebeat
  ☆27Jul 21, 2020Updated 5 years ago
• enreeco / sf-df17-chrome-ext-sesssion

  View on GitHub
  Build your own jaw-dropping Salesforce Chrome Extension (DEMO)
  ☆12Dec 31, 2019Updated 6 years ago
• exp0se / detect_kerberos_attacks

  View on GitHub
  Detect kerberos attacks in pcap files
  ☆29Dec 13, 2015Updated 10 years ago
• jakewarren / suricata-rule-generator

  View on GitHub
  Quickly generate suricata rules for IOCs
  ☆28Apr 30, 2021Updated 4 years ago
• uniberg / kbn_sankey_vis

  View on GitHub
  Sankey diagram for Kibana visualize.
  ☆32Dec 5, 2024Updated last year
• BinaryDefense / beacon-fronting

  View on GitHub
  A simple command line program to help defender test their detections for network beacon patterns and domain fronting
  ☆70Feb 3, 2022Updated 4 years ago
• SCILabsMX / yaraZeekAlert

  View on GitHub
  This script scans the files extracted by Zeek with YARA rules located on the rules folder on a Linux based Zeek sensor, if there is a mat…
  ☆62Dec 16, 2023Updated 2 years ago
• mytechnotalent / Zeek-Network-Security-Monitor

  View on GitHub
  A Zeek Network Security Monitor tutorial that will cover the basics of creating a Zeek instance on your network in addition to all of the…
  ☆62Nov 26, 2025Updated 3 months ago
• corelight / community-id-spec

  View on GitHub
  An open standard for hashing network flows into identifiers, a.k.a "Community IDs".
  ☆194Sep 23, 2024Updated last year
• TractionOnDemand / TractionSyncProxy

  View on GitHub
  Salesforce and Google Sheet synchronization via Heroku proxy
  ☆13Aug 16, 2017Updated 8 years ago
• opencybersecurityalliance / kestrel-huntbook

  View on GitHub
  This repository hosts community contributed Kestrel huntflows (.hf) and huntbooks (.ipynb)
  ☆37Jan 2, 2024Updated 2 years ago
• cudeso / dfir-iris-misp-timesketch

  View on GitHub
  Scripts to integrate DFIR-IRIS, MISP and TimeSketch
  ☆35Feb 2, 2022Updated 4 years ago