"topic:zeek" — Search

218 results for “topic:zeek”

Zeek is a powerful network analysis framework that is much different from the typical IDS you may know.

brodfirndrnetwork-monitoringnsmpcapsecurityzeek

Network recon framework. Build your own, self-hosted and fully-controlled alternatives to Shodan / ZoomEye / Censys and GreyNoise, run your Passive DNS service, build your taylor-made EASM tool, collect and analyse network intelligence from your sensors, and much more! Uses Nmap, Masscan, Zeek, p0f, ProjectDiscovery tools, etc.

Python4.0k684Updated 1 day ago

broeasmexternal-attack-surface-managementhacktoberfestmasscannetworknetwork-discoverynetwork-reconnetwork-reconnaissancenetwork-securitynmapnmap-parsernmap-results-analysenmap-scriptsosintprojectdiscoveryscan-portsscanssecurityzeek

cisagov/Malcolm

Malcolm is a powerful, easily deployable network traffic analysis tool suite for full packet capture artifacts (PCAP files), Zeek logs and Suricata alerts.

Python2.4k407Updated 2 days ago

arkimecybersecurityinfosecnetwork-securitynetwork-traffic-analysisnetworksecuritynetworktrafficanalysisopensearchopensearch-dashboardspcapsecuritysuricatazeek

deepfence/PacketStreamerArchived

:star: :star: Distributed tcpdump for cloud native environments :star: :star:

Go1.9k247Updated 3 days ago

forensics-toolshacktoberfestinfosectoolsnetwork-analysisobservabilitypacket-capturepacket-snifferpcapsecopssecurity-toolssnortsocsuricatatcpdump-liketraffic-monitoringzeek

cisagov/LME

Logging Made Easy (LME) is a no cost, open source platform that centralizes log collection, enhances threat detection, and enables real-time alerting, helping small to medium-sized organizations secure their infrastructure. LME Docs can be found at https://cisagov.github.io/lme-docs/docs/

Shell1.4k140Updated 2 days ago

cybersecurityelasticelasticsearchelkelk-stacklogloggingnetwork-analysissecuritysecurity-toolszeek

stratosphereips/StratosphereLinuxIPS

Slips, a free software behavioral Python intrusion prevention system (IDS/IPS) that uses machine learning to detect malicious behaviors in the network traffic. Stratosphere Laboratory, AIC, FEL, CVUT in Prague.

Python862195Updated 4 days ago

aidockerendpoint-protectiongsoc-2023gsoc-2024idsintrusion-detection-systemintrusion-prevention-systemipsmachine-learningnetwork-analysisnetwork-securitypcapstratosphere-ipszeek

tenzir/tenzir

Tenzir is the data pipeline engine for security teams.

C++727103Updated 16 hours ago

dataopshacktoberfestincident-responseinvestigationnetflowpcappipelinessecdataopssecuritysiemsigmasocsuricatathreathuntingzeek

activecm/rita

Real Intelligence Threat Analytics (RITA) is a framework for detecting command and control communication through network traffic analysis.

Go52656Updated 1 day ago

anomaly-detectionbeaconsblue-teamc2c2-detectioncommand-and-controlcyber-securityincident-responseintrusion-detectionlog-analysisnetwork-monitoringnetwork-traffic-analysissecurity-toolsthreat-huntingthreat-intelligencezeek

V1D1AN/S1EM

This project is a SIEM with SIRP and Threat Intel, all in one.

Shell46189Updated 1 week ago

arkimecortexdockerelasticsearchfilebeatkibanalogstashmalwaremispmwdbn8nopenctisigmasuricatathehivevelociraptoryarazeekzircolite

SuperCowPowers/zat

Zeek Analysis Tools (ZAT): Processing and analysis of Zeek network data with Pandas, scikit-learn, Kafka and Spark

Jupyter Notebook451111Updated 1 week ago

brodata-analysiskafkanetworkingpandaspythonscikit-learnsecuritysparkzeekzeek-analysis

CriticalPathSecurity/Zeek-Intelligence-Feeds

Zeek-Formatted Threat Intelligence Feeds

Zeek39049Updated just now

malwarephishingthreat-intelligencethreatintelzeekzeek-ids

zeek/spicy

C++ parser generator for dissecting protocols & files.

C++28845Updated 1 day ago

parsingsecurityspicyzeek

tenzir/threatbusArchived

🚌 Threat Bus – A threat intelligence dissemination layer for open-source security tools.

Python27017Updated 1 week ago

cifcif3idsmispopenctiopencti-connectorsightingsthreat-busthreat-huntingthreat-intelligencethreat-intelligence-datathreatintelzeek

DynamiteAI/dynamite-nsm

DynamiteNSM is a free Network Security Monitor developed by Dynamite Analytics to enable network visibility and advanced cyber threat detection

Python17223Updated 3 weeks ago

agentsdashboardsdynamite-nsmelasticsearchipfixkibanalogstashnetflownetwork-analysisnetwork-trafficpythonpython3suricatazeek

ethack/tht

Threat Hunting Toolkit is a Swiss Army knife for threat hunting, log processing, and security-focused data science

Shell15114Updated 10 hours ago

dockerthreat-huntingzeek

tylabs/dovehawk

Dovehawk is a Zeek module that automatically imports MISP indicators and reports Sightings

Zeek12222Updated 5 months ago

bro-idsmispmisp-sightingsthreat-huntingthreat-intelligencezeekzeek-ids

hosom/file-extraction

Extract files from network traffic with Zeek.

Zeek10247Updated 1 month ago

broextract-fileszeekzeek-package

blacktop/docker-zeekArchived

Zeek IDS Dockerfile

Zeek10131Updated 1 year ago

dockerelasticsearchidskafkanetwork-monitoringzeekzeek-ids

brimdata/brimcap

Convert pcap files into richly-typed ZNG summary logs (Zeek, Suricata, and more)

Go9212Updated 1 month ago

brim-desktoppcapsuricatazeek

zeek/zeek-agent-v2

Open source endpoint agent providing host information to Zeek. [v2]

C++909Updated 1 month ago

zeek

stratosphereips/zeek_anomaly_detector

A completely automated anomaly detector Zeek network flows files (conn.log).

Python8234Updated 3 weeks ago

anomaly-detectionidsintrusion-detectionnetwork-securitypythonzeekzeek-analysiszeek-ids

Truvis/CheatSheets

Collection of scripts, files, and tips to create and maintain networks, hack, and more!

7514Updated 2 months ago

cheatsheetsdashboardselasticsearchelkstackfilebeatkibanalinuxlogstashnetwork-monitoringopnsensepacketbeatpfsensesecuritysecurity-auditsecurity-toolssiemsnmpsplunkwindowszeek

zeek/broker

Zeek's Messaging Library

C++6927Updated 1 month ago

brocafpubsubzeek

activecm/docker-zeek

Run zeek with zeekctl in docker

Shell6321Updated 2 weeks ago

dockerhacktoberfestzeekzeekctl

mytechnotalent/Zeek-Network-Security-Monitor

A Zeek Network Security Monitor tutorial that will cover the basics of creating a Zeek instance on your network in addition to all of the necessary hardware and setup and finally provide some examples of how you can use the power of Zeek to have absolute control over your network.

Zeek629Updated 1 month ago