sysflow-telemetry / sf-collector
SysFlow collection probe
☆15Updated last month
Related projects: ⓘ
- SysFlow edge processing pipeline☆13Updated last month
- SysFlow project APIs☆15Updated 3 months ago
- SysFlow documentation and issues tracker☆45Updated 3 months ago
- This repository hosts community contributed Kestrel huntflows (.hf) and huntbooks (.ipynb)☆29Updated 8 months ago
- This repository includes a mapping table and a reference process that allows converting between STIX 2.1 Course of Action objects that ma…☆15Updated 2 years ago
- Growing collection of Spicy-based protocol and file analyzers for Zeek☆32Updated this week
- Dockerized Zeek☆10Updated 6 months ago
- Augmentation to Machine Readable CTI☆25Updated this week
- A Zeek package that detects Zoom logins and meeting joins☆11Updated 4 years ago
- Zeek support for Community ID flow hashing.☆32Updated last year
- Create dataset for suricata with indicators of MISP instances and add sightings in MISP if an indicator of dataset generates an alert☆35Updated last year
- Extensions for Zeek's Intelligence Framework.☆11Updated 2 years ago
- Zeek plugin to generate data on per-packet sizes and intervals☆13Updated 4 years ago
- provides a Suricata Eve output for Kafka with Suricate Eve plugin☆14Updated 2 years ago
- A Bro package to identify connections that are bursting (lots of data and transferring quickly).☆12Updated 3 years ago
- A set of PCAPs used to test the parsers used by Malcolm. Also, a curated list of PCAP collections I've found online.☆30Updated last month
- Posture Attribute Collection and Evaluation☆23Updated last year
- An elevated STIX representation of the MITRE ATT&CK Groups knowledge base☆23Updated 2 years ago
- Open source endpoint agent providing host information to Zeek. [v2]☆61Updated this week
- fast, extensible, versatile event router for Suricata's EVE-JSON format☆50Updated 2 months ago
- This project is no longer maintained. There's a successor at https://github.com/zeek/zeek-agent-v2☆124Updated 3 years ago
- Enables Zeek to communicate with Tenzir☆11Updated last year
- ☆14Updated this week
- The Security Analyst’s Guide to Suricata☆49Updated 3 months ago
- Go implementation of the Community ID flow hashing standard☆19Updated 3 weeks ago
- Pre-configured environment that supports the development and running of OpenDXL solutions☆13Updated 3 years ago
- Zeek package to generate a SMB client fingerprint☆26Updated 4 years ago
- Bro/Zeek integration with osquery☆95Updated 3 years ago
- A STIX 2.1 Extension Definition for the Course of Action (COA) object type. The nested property extension allows a COA to share machine-r…☆21Updated 9 months ago
- Kestrel Jupyter Notebook Kernel☆9Updated 11 months ago