stratosphereips / zeek_anomaly_detectorLinks
A completely automated anomaly detector Zeek network flows files (conn.log).
☆80Updated 9 months ago
Alternatives and similar repositories for zeek_anomaly_detector
Users that are interested in zeek_anomaly_detector are comparing it to the libraries listed below
Sorting:
- Mapping NSM rules to MITRE ATT&CK☆71Updated 4 years ago
- Zeek Training Materials/Products☆37Updated 3 months ago
- zeek-scripts☆43Updated 6 years ago
- A collection of resources for security data☆41Updated 7 years ago
- A python app to predict Att&ck tactics and techniques from cyber threat reports☆121Updated last year
- ☆109Updated 4 years ago
- ☆36Updated 2 months ago
- The stratosphere testing framework is mean to help in the researching and verification of the behavioral models used by the Stratoshpere …☆50Updated 7 years ago
- This script scans the files extracted by Zeek with YARA rules located on the rules folder on a Linux based Zeek sensor, if there is a mat…☆62Updated last year
- OASIS Cyber Threat Intelligence (CTI) TC: A tool for generating STIX content for prototyping and testing. https://github.com/oasis-open/c…☆41Updated last year
- A Zeek script to generate features based on timing, volume and metadata for traffic classification.☆55Updated 4 years ago
- Zeek plugin to generate data on per-packet sizes and intervals☆14Updated 5 years ago
- Growing collection of Spicy-based protocol and file analyzers for Zeek☆31Updated 8 months ago
- Simple, effective, and modular package for parsing observables (indicators of compromise (IOCs), network data, and other, security relate…☆164Updated last year
- The default package source of the Zeek Package Manager. Wrote a package? See the README for how to get it included.☆137Updated this week
- Threat Detection & Anomaly Detection rules for popular open-source components☆52Updated 2 years ago
- A tool to extract structured cyber information from incident reports.☆80Updated 6 years ago
- Zeek IDS Dockerfile☆101Updated 2 years ago
- "Linking Threat Tactics, Techniques, and Patterns with Defensive Weaknesses, Vulnerabilities and Affected Platform Configurations for Cyb…☆93Updated 11 months ago
- Zeek network security monitor plugin that enables parsing of the Ethernet/IP and Common Industrial Protocol standards☆45Updated last year
- A website and framework for testing NIDS detection☆57Updated 3 years ago
- This repository will hold PCAP IOC data related with known malware samples (owner: Bryant Smith)☆104Updated 3 years ago
- Utility for parsing Bro log files into CSV or JSON format☆41Updated 2 years ago
- ICS Cybersecurity PCAP respository☆53Updated 6 years ago
- Zeek support for Community ID flow hashing.☆35Updated last year
- Dovehawk is a Zeek module that automatically imports MISP indicators and reports Sightings☆122Updated 3 years ago
- Docker files for building Zeek.☆86Updated last year
- Plugin providing native AF_Packet support for Zeek.☆34Updated last year
- DGA Domains detection☆66Updated 7 years ago
- A Python application to filter and transfer Zeek logs to Elastic/OpenSearch+Humio. This app can also output pure JSON logs to stdout for…☆35Updated 2 years ago