#
zeek
Here are 60 public repositories matching this topic...
p-l-
commented
Feb 13, 2019
Currently, at least the values from XML tags tcpsequence and ipidsequence are not kept. The schema should be updated to store them.
See also #636.
philrz
commented
Aug 11, 2020
Repro is in Brim v0.14.0.
There's a link to the ZQL docs from the pull-down menu via Help > Query Syntax Docs that works as I'd expect, in that it opens up the docs in my browser. However, I recently noticed (per the attached video) that there's also a "Syntax docs" option available in the vertical "..." menu to the right of the search bar. When clicked, I find I can't move the window, no
Zeek Analysis Tools (ZAT): Processing and analysis of Zeek network data with Pandas, scikit-learn, and Spark
-
Updated
May 14, 2020 - Jupyter Notebook
-
Updated
Jul 28, 2020 - Python
Dovehawk is a Zeek module that automatically imports MISP indicators and reports Sightings
-
Updated
May 9, 2020 - Zeek
Extract files from network traffic with Zeek.
-
Updated
Mar 17, 2020 - Zeek
Dynamite-NSM is a free Network Security Monitor developed by Dynamite Analytics on top of several leading, enterprise-grade technologies.
python
elasticsearch
kibana
logstash
netflow
ipfix
python3
dashboards
suricata
network-analysis
agents
network-traffic
zeek
dynamite-nsm
-
Updated
Aug 17, 2020 - Python
Zeek IDS Dockerfile
-
Updated
Aug 16, 2020 - Zeek
Zeek network security monitor plugin that enables parsing of the Ethernet/IP and Common Industrial Protocol standards
-
Updated
Jul 10, 2020 - Zeek
Zeek ( formerly Bro) Network Security Monitor package for pfSense router/firewall
javascript
bash
ssh
php
xml
firewall
ajax
bro
browse
pfsense
xml-rpc
zeek
pfsense-pkg-zeek
pfsense-pkg-bro
pfsense-router
-
Updated
Jul 21, 2020 - PHP
Generate network maps from packet captures
-
Updated
Sep 15, 2019 - JavaScript
BRO/Zeek IDS content pack contains pipeline rules, a stream, a dashboard displaying interesting activity, and a syslog tcp input to capture and index BRO/Zeek logs coming from a remote sensor.
-
Updated
Apr 12, 2020
Zeek network security monitor plugin that enables parsing of the S7 protocol
-
Updated
Jun 14, 2020 - Zeek
Zeek network security monitor plugin that enables parsing of the BACnet standard building controls protocol
-
Updated
Mar 4, 2020 - Zeek
Zeek network security monitor plugin that enables parsing of the Tabular Data Stream (TDS) protocol
-
Updated
Mar 19, 2020 - Zeek
Alpine Linux based Filebeat Docker Image
-
Updated
Jun 14, 2020 - Shell
A Spicy protocol analyzer for WireGuard
-
Updated
Aug 11, 2020 - Zeek
A Zeek ELF File Analyzer
-
Updated
Jun 30, 2020 - Zeek
CanCyber Zeek Module for network threat hunting
-
Updated
May 8, 2020 - Zeek
A saltstack formula to install BRO network security monitor on RHEL or Debian based systems
-
Updated
Aug 18, 2019 - SaltStack
Go implementation of the Community ID flow hashing standard
go
golang
bro
suricata
network-monitoring
network-security-monitoring
network-security
zeek
flow-hashing
community-id
-
Updated
Aug 29, 2019 - Go
A Zeek Network Security Monitor Tutorial that will cover the basics of creating a Zeek instance on your network in addition to all of the necessary hardware and setup and finally provide some examples of how you can use the power of Zeek to have absolute control over your network.
pcap
bro
cybersecurity
cyber
cyber-security
network-security
zeek
cyber-threat-intelligence
cyber-security-team
-
Updated
Feb 27, 2020
Improve this page
Add a description, image, and links to the zeek topic page so that developers can more easily learn about it.
Add this topic to your repo
To associate your repository with the zeek topic, visit your repo's landing page and select "manage topics."
zeek-cut currently has ability to output "header blocks" in prefix to records. It would be helpful if there was an option that output a simple header row that contained only the corresponding field names, the target format supporting essentially CSV ready output.
Convoluted example of how we're achieving/using today with (for example) the Miller tool to postprocess: