Top 47 Zeek open source projects

Network recon framework, published by @cea-sec & @ANSSI-FR. Build your own, self-hosted and fully-controlled alternatives to Shodan / ZoomEye / Censys and GreyNoise, run your Passive DNS service, collect and analyse network intelligence from your sensors, and much more!

Zeek is a powerful network analysis framework that is much different from the typical IDS you may know.

Zeek network security monitor plugin that enables parsing of the Tabular Data Stream (TDS) protocol

A Zeek Network Security Monitor tutorial that will cover the basics of creating a Zeek instance on your network in addition to all of the necessary hardware and setup and finally provide some examples of how you can use the power of Zeek to have absolute control over your network.

No description, website, or topics provided.

Various Bro scripts

Detect HTTP stalling attacks like slowloris with Bro

bro on debian with elasticsearch support

simple plugin to detect shellcode on Bro IDS with Unicorn

Malcolm is a powerful, easily deployable network traffic analysis tool suite for full packet capture artifacts (PCAP files) and Zeek logs.

Detect Phishing with Bro IDS

Zeek IDS Dockerfile

Zeek network security monitor plugin that enables parsing of the Profinet protocol

A collection of bro_scripts and signatures

Experimental Bro scripts with good prospects for the official bro-scripts repository.

DHCP Fingerprinting

No description, website, or topics provided.

Bro script module for detecting malware using domain generation algorithms.

Zeek package to detect CVE-2020-0601

流量抓取服务

Logging plugin to bro to send logs to a Kafka broker

Extracting and analyzing URLs from Emails for phishing events

A set of zeek scripts providing a module for tracking and correlating abnormal DNS behavior.

Zeek Training Materials/Products

A Zeek plugin to POST logs over HTTP.

Monitor ethernet traffic in real time with a 3D backend.

No description, website, or topics provided.

Apache Metron

Various Bro scripts

Bro script package to create JSON formatted logs to stream into data analysis systems.

BotFlex is an open source tool or bot detection and analysis

scripts to help beginners program in Bro

Network recon framework. Build your own, self-hosted and fully-controlled alternatives to Shodan / ZoomEye / Censys and GreyNoise, run your Passive DNS service, collect and analyse network intelligence from your sensors, and much more!

setup zeek, previously Bro IDS

Bro Snippets

Zeek network security monitor plugin that enables parsing of the S7 protocol

brocon-15 scripts

Zeek Junk Drawer - Just some scripts and a place to put them

github.com/hardenedlinux/zeek-nix

Bro IDS + ELK Stack to detect and block data exfiltration

Documentation for Zeek

Tool for managing Zeek deployments.

Snort_rules detection bad actors.

Creates a KDDCup99 format databse from traffic sniffed with tcpdump

bro.vim - A simple plugin for working with the bro scripting languages.

Detecting PowerShell Empire, Metasploit Meterpreter and Cobalt Strike agents by payload size sequence analysis and host correlation

Connectors for the Zeek NetControl framework