An open standard for hashing network flows into identifiers, a.k.a. "community IDs".
Mapping Corelight or Zeek data to Elastic Common Schema fields
Dockerfile building Serverless with Terraform for CI/CD
Zeek support for "community ID" flow hashing.
Bro script package to create JSON formatted logs to stream into data analysis systems.
Reduce the amount of tracked SMB state
Clear SSL State earlier to reduce memory usage
Ubuntu-based builder including Go, NPM and Ruby tool FPM (for fleet-api)
Documentation generator capable of producing PDFs using LaTeX and Sphinx
Alpine-based builder/publisher for documentation with aws-cli and Sphinx
Ubuntu base capable of building C via make/cmake
Alpine docker container preloaded with AWS CLI and Git for CI/CD
Corelight Sensor API command-line client
A Python implementation of the Community ID flow hashing standard
Bro plugin to detect and decrypt XOR-encrypted EXEs
Add VLAN tags to all Bro logs
Bro package for tracking long connections to report them before they have completed.
Bro analyzer that detects Google's QUIC protocol
Bro Log Cheatsheets
Bro is a powerful network analysis framework that is very different from the typical IDS you may know. Official mirror of git.bro.org/bro.git.
ShellShock attack and exploit detector for Bro.
A Bro package to identify connections that are bursting (lots of data and transferring quickly).
Plugin to support libmaxminddb in Bro
Detect HTTP stalling attacks like slowloris with Bro
Add POST body excerpt to Bro's HTTP log
Note: This repository has been renamed to corelight-client.
Top DNS Measurement for Bro