Zeek package for tracking long connections to report them before they have completed.
Command line tool for Amazon Route 53
HTTP Protocol Stack CVE-2021-31166
Mapping Corelight or Zeek data to Elastic Common Schema fields
Zeek support for "community ID" flow hashing.
A Zeek package to detect the Pingback malware ICMP tunnel command and control (C2) network traffic.
An open standard for hashing network flows into identifiers, a.k.a. "Community IDs".
Detection of Linux Malware C2 RedXOR - demonstration
Dockerfile building Serverless with Terraform for CI/CD
Docker container for Python-based CI updater for the leviathon repository
Line-based TCP load-balancing proxy.
Corelight-Ansible-Roles are a collection of Ansible Roles and playbooks that install, configure, run and manage a variety of Corelight, Suricata and Zeek solutions.
A Python implementation of the Community ID flow hashing standard
A Zeek OpenVPN protocol analyzer plugin.
Corelight Sensor API command-line client
Zeek plugin to detect and decrypt XOR-encrypted EXEs
Bro analyzer that detects Google's QUIC protocol
Ubuntu-based builder including Go, NPM and Ruby tool FPM (for fleet-api)
Documentation generator capable of producing PDFs using LaTeX and Sphinx
Alpine-based builder/publisher for documentation with aws-cli and Sphinx
Zeek Unit Testing. Provides a framework to write unit tests for Zeek scripts.
Zeek Plugin that detects CallStranger (CVE-2020-12695) attempts (http://callstranger.com/)
Detection of RCE in Oracle's WebLogic Server CVE-2020-14882 / CVE-2020-14750
Bro script package to create JSON formatted logs to stream into data analysis systems.