# zeek
Here are 112 public repositories matching this topic...
good first issue
A good place to get started working with Zeek.
Type: Bug 🐛
Unexpected behavior or output.
Area: Scripting
philrz commented Nov 26, 2020
Repro is with Brim commit 617d8f1.
I've noticed a couple small glitches with Space renames that are shown in the attached video.
- If a user goes in to rename the Space and makes no changes, hitting "Ok" brings up an error message. They can only get out by hitting the "X" or the Escape key. Technically the error messa
Zeek Analysis Tools (ZAT): Processing and analysis of Zeek network data with Pandas, scikit-learn, Kafka and Spark
Updated Mar 27, 2022 - Jupyter Notebook
Topics: pcap, secops, suricata, packet-sniffer, network-analysis, soc, observability, traffic-monitoring, packet-capture, zeek, snort, security-tools, tcpdump-like, infosectools, forensics-tools
Updated Apr 6, 2022 - Go
Slips. A machine learning-based Intrusion Prevention System (IDS/IPS). Free Software. Stratosphere Laboratory
Topics: docker, machine-learning, pcap, ai, detection, ids, pcap-files, intrusion-prevention, ips, network-traffic, zeek, stratosphere-ips
Updated Apr 5, 2022 - Python
Topics: ids, threat-hunting, cif, misp, threatintel, sightings, zeek, threat-intelligence, opencti, threat-bus, cif3, opencti-connector, threat-intelligence-data
Updated Jan 27, 2022 - Python
C++ parser generator for dissecting protocols & files.
Topics: security, parsing, zeek, spicy, spicy-parsers-takes, overview-spicy, zeek-analyzers, spicy-manual, spicy-binaries
Updated Apr 6, 2022 - C++
DynamiteNSM is a free Network Security Monitor developed by Dynamite Analytics to enable network visibility and advanced cyber threat detection
Topics: python, elasticsearch, kibana, logstash, netflow, ipfix, python3, dashboards, suricata, network-analysis, agents, network-traffic, zeek, dynamite-nsm
Updated Mar 8, 2022 - Python
Dovehawk is a Zeek module that automatically imports MISP indicators and reports Sightings
Updated Jul 12, 2021 - Zeek
Extract files from network traffic with Zeek.
Updated Mar 17, 2020 - Zeek
Zeek IDS Dockerfile
Updated Mar 16, 2022 - Zeek
A Zeek Network Security Monitor tutorial that will cover the basics of creating a Zeek instance on your network in addition to all of the necessary hardware and setup and finally provide some examples of how you can use the power of Zeek to have absolute control over your network.
Topics: pcap, hack, network, hacking, bro, cybersecurity, network-monitoring, lesson, network-security-monitoring, network-analysis, cyber, cyber-security, network-traffic, network-security, zeek, cyber-threat-intelligence, conn, cyber-security-team, zeek-instance
Updated Sep 27, 2021 - Zeek
Zeek (formerly Bro) Network Security Monitor package for pfSense router/firewall
Topics: javascript, bash, ssh, php, xml, firewall, ajax, bro, browse, pfsense, xml-rpc, zeek, pfsense-pkg-zeek, pfsense-pkg-bro, pfsense-router
Updated Jun 27, 2021 - PHP
Zeek network security monitor plugin that enables parsing of the Ethernet/IP and Common Industrial Protocol standards
Updated Mar 9, 2021 - Zeek
Collection of scripts, files, and tips to create and maintain networks, hack, and more!
Topics: windows, linux, security, elasticsearch, security-audit, kibana, logstash, splunk, snmp, filebeat, opnsense, dashboards, network-monitoring, siem, packetbeat, pfsense, cheatsheets, zeek, security-tools, elkstack
Updated Jun 13, 2021
Zeek network security monitor plugin that enables parsing of the S7 protocol
Updated Mar 23, 2022 - Zeek
Threat Hunting Toolkit is a Swiss Army knife for threat hunting, log processing, and security-focused data science
Updated Apr 1, 2022 - Shell
A Zeek script to generate features based on timing, volume and metadata for traffic classification.
Topics: training, flow, machine-learning, analysis, ipv4, feature-extraction, packet, zeek, classifiers, cicflowmeter, layer3, zeek-ids, zeek-flowmeter, ipv6-flows
Updated Nov 8, 2020 - Zeek
Generate network maps from packet captures
Updated Sep 15, 2019 - JavaScript
A Spicy protocol analyzer for WireGuard
Updated Aug 11, 2020 - Zeek
Zeek network security monitor plugin that enables parsing of the BACnet standard building controls protocol
Updated Mar 9, 2021 - Zeek
Convert pcap files into richly-typed ZNG summary logs (Zeek, Suricata, and more)
Updated Apr 6, 2022 - Go
A Zeek log writer plugin that publishes to Kafka.
Updated Apr 5, 2022 - Shell
Zeek network security monitor plugin that enables parsing of the Tabular Data Stream (TDS) protocol
Updated Mar 23, 2022 - Zeek



Regarding the deprecation of the protocol_confirmation event coming in Zeek 5.1... if an analyzer plugin uses only analyzer_confirmation(), that event doesn't ever get called. This is with Zeek 4.2. It seems this line in ProtocolConfirmation() should also check analyzer_confirmation - more specifically, `if ( ! protocol_conf