Alternatives and similar repositories for dovehawk

Users that are interested in dovehawk are comparing it to the libraries listed below

• tenzir / zeek-tenzir

  View on GitHub
  Enables Zeek to communicate with Tenzir
  ☆11Jul 20, 2023Updated 2 years ago
• J-Gras / intel-extensions

  View on GitHub
  Extensions for Zeek's Intelligence Framework.
  ☆11Mar 1, 2022Updated 3 years ago
• theparanoids / rdfp

  View on GitHub
  Remote Desktop Client Fingerprint script for Zeek. Based off of https://github.com/0x4D31/fatt
  ☆40Jun 20, 2023Updated 2 years ago
• micrictor / spl-spt

  View on GitHub
  Zeek plugin to generate data on per-packet sizes and intervals
  ☆14Apr 21, 2020Updated 5 years ago
• capesstack / capes

  View on GitHub
  Cyber Analytics Platform and Examination System (CAPES) Project Page
  ☆60Aug 3, 2019Updated 6 years ago
• MISP / mail_to_misp

  View on GitHub
  Connect your mail client/infrastructure to MISP in order to create events based on the information contained within mails.
  ☆69Nov 11, 2023Updated 2 years ago
• mitre-attack / bzar

  View on GitHub
  A set of Zeek scripts to detect ATT&CK techniques.
  ☆620Jun 26, 2024Updated last year
• corelight / conn-burst

  View on GitHub
  A Bro package to identify connections that are bursting (lots of data and transferring quickly).
  ☆13Oct 15, 2020Updated 5 years ago
• corelight / zerologon

  View on GitHub
  Zeek package to detect Zerologon
  ☆11Nov 10, 2021Updated 4 years ago
• spitfire55 / MegaDev

  View on GitHub
  Bro IDS + ELK Stack to detect and block data exfiltration
  ☆46Oct 31, 2018Updated 7 years ago
• corelight / detect-ransomware-filenames

  View on GitHub
  ☆18Dec 20, 2024Updated last year
• corelight / ecs-mapping

  View on GitHub
  Mapping Corelight or Zeek data to Elastic Common Schema fields
  ☆34Nov 3, 2025Updated 3 months ago
• tom8941 / MISP-IOC-Validator

  View on GitHub
  Validate IOC from MISP ; Export results and iocs to SIEM and sensors using syslog and CEF format
  ☆14Sep 13, 2016Updated 9 years ago
• corelight / got_zoom

  View on GitHub
  A Zeek package that detects Zoom logins and meeting joins
  ☆12Apr 15, 2020Updated 5 years ago
• eCrimeLabs / MISP2CbR

  View on GitHub
  Utilizing your Threat data from a MISP instance into CarbonBlack Response by exposing the data in the Threat Intelligence Feed.
  ☆20May 25, 2022Updated 3 years ago
• MISP / misp-cloud

  View on GitHub
  misp-cloud - Cloud-ready images of MISP
  ☆74Aug 24, 2022Updated 3 years ago
• mixmodeai / bro_intel_linter

  View on GitHub
  Bro Intel Feed Linter
  ☆26Aug 30, 2019Updated 6 years ago
• theparanoids / spicy-noise

  View on GitHub
  A Spicy protocol analyzer for WireGuard
  ☆29Aug 11, 2020Updated 5 years ago
• corelight / json-streaming-logs

  View on GitHub
  Bro script package to create JSON formatted logs to stream into data analysis systems.
  ☆30Dec 3, 2025Updated 2 months ago
• mohlcyber / MISP-MVISION-EDR

  View on GitHub
  Integration between MISP platform and McAfee MVISION EDR
  ☆14Mar 14, 2022Updated 3 years ago
• CERT-Bund / yara-exporter

  View on GitHub
  Exporting MISP event attributes to yara rules usable with Thor apt scanner
  ☆24Mar 27, 2017Updated 8 years ago
• hashlookup / private-search-set

  View on GitHub
  Private Search Set (PSS) is an extension to standard Bloom filter or a standalone hash file to describe and share private set.
  ☆16Jan 10, 2025Updated last year
• socprime / soc_workflow_app_ce

  View on GitHub
  SOC Workflow App helps Security Analysts and Threat Hunters explore suspicious events, look into raw events arriving at the Elastic Stack…
  ☆94Aug 30, 2022Updated 3 years ago
• zeek / zeek-agent

  View on GitHub
  This project is no longer maintained. There's a successor at https://github.com/zeek/zeek-agent-v2
  ☆124Nov 19, 2020Updated 5 years ago
• salesforce / hassh

  View on GitHub
  HASSH is a network fingerprinting standard which can be used to identify specific Client and Server SSH implementations. The fingerprints…
  ☆545May 1, 2025Updated 9 months ago
• tenzir / threatbus

  View on GitHub
  🚌 Threat Bus – A threat intelligence dissemination layer for open-source security tools.
  ☆269Mar 17, 2023Updated 2 years ago
• salesforce / bro-sysmon

  View on GitHub
  How to Zeek Sysmon Logs!
  ☆103Feb 12, 2022Updated 4 years ago
• cybera / zeek-sniffpass

  View on GitHub
  Sniffpass will alert on cleartext passwords discovered in HTTP POST requests
  ☆17Oct 30, 2023Updated 2 years ago
• michalpurzynski / bro-gramming

  View on GitHub
  Bro IDS programs collection.
  ☆146Oct 16, 2019Updated 6 years ago
• corelight / zeek-long-connections

  View on GitHub
  Zeek package for tracking long connections to report them before they have completed.
  ☆31Nov 25, 2025Updated 2 months ago
• target / halogen

  View on GitHub
  Automatically create YARA rules from malicious documents.
  ☆212May 16, 2022Updated 3 years ago
• precurse / zeek-httpattacks

  View on GitHub
  This module detects HTTP requests that are non RFC compliant and used for smuggling
  ☆12Mar 16, 2023Updated 2 years ago
• zeek / zeek-af_packet-plugin

  View on GitHub
  Plugin providing native AF_Packet support for Zeek.
  ☆33Oct 22, 2025Updated 3 months ago
• adulau / misp-osint-collection

  View on GitHub
  Collection of best practices to add OSINT into MISP and/or MISP communities
  ☆65Sep 29, 2023Updated 2 years ago
• CanTopay / thehive-playbook-creator

  View on GitHub
  A script to create and assign SOP tasks into the cases
  ☆20Aug 16, 2020Updated 5 years ago
• jaegeral / FireMISP

  View on GitHub
  FireEye Alert json files to MISP Malware information sharing plattform (Alpha)
  ☆32Jun 11, 2017Updated 8 years ago
• neu5ron / WinLogsZero2Hero

  View on GitHub
  This is a repository from Adam Swan and I's presentation on Windows Logs Zero 2 Hero.
  ☆22Jan 30, 2018Updated 8 years ago
• corelight / zeek-community-id

  View on GitHub
  Zeek support for Community ID flow hashing.
  ☆37Jul 11, 2023Updated 2 years ago
• zeek / zeek-osquery

  View on GitHub
  Bro/Zeek integration with osquery
  ☆94Nov 2, 2020Updated 5 years ago