pre-commit hooks specification for zeek-format

Scan extracted file from Zeek with Yara rules and get statistical analysis for matching files. Optionally, simulate matching malicious files with Picus.

Convert DER files to Zeek SSL::root_certs

Lookup hostnames via dns

Generate a CMDB based on traffic capture data.

Eliminating entry barriers for adding network security monitoring to AWS using Zeek and Suricata with S3 storage.

Repository of scripts to add AlienVault's OTX intel feed to Zeek and Security Onion 2

An online, deployable machine learning network intrusion detection system for Zeek.

Ansible role that installs Zeek (formerly Bro) and configures it to run as a non-root user

Templates for writing applications using Zeek NSM communication library Broker

IP related statistics

Malcolm is a powerful, easily deployable network traffic analysis tool suite for full packet capture artifacts (PCAP files), Zeek logs and Suricata alerts.

Wrapper for zeek-cut within Python3

An automated Pcap Analysis tool which produces an interactive graph with details like ISP info and maliciousness of the actor/IP

A zeek script for identifying bad ASNs

A tool set to work with our Stratosphere Laboratory cybersecurity datasets.

Lambda Function for Serverless pDNS and Flow Collection

JSON TCP stream importer for RITA and AC-Hunter

DEteCtion of Anomalous outbouNd HTTP TRaffic by Passive Application Fingerprinting -- fork of original scientific paper code

Device profile: Define acceptable amounts of traffic for your devices and see a report of outliers.