Zeek-Formatted Threat Intelligence Feeds
-
Updated
Nov 21, 2024 - Zeek
Zeek-Formatted Threat Intelligence Feeds
Dovehawk is a Zeek module that automatically imports MISP indicators and reports Sightings
Zeek IDS Dockerfile
A completely automated anomaly detector Zeek network flows files (conn.log).
A Zeek script to generate features based on timing, volume and metadata for traffic classification.
Alpine Linux based Filebeat Docker Image
An operator which calls zeek to nix-ecosystem simply.
Templates for writing applications using Zeek NSM communication library Broker
A log parser for common zeek text logs in Golang.
Zeek IDS and Zeek-Broker Docker images
🐦 A fluentd config for zeek
Deployment of Zeek on a Raspberry Pi 4B
DoveHawk.io Anonymized Outgoing Partial Netflow
DEteCtion of Anomalous outbouNd HTTP TRaffic by Passive Application Fingerprinting -- fork of original scientific paper code
This repository has customised scripts of Zeek IDS.
Add a description, image, and links to the zeek-ids topic page so that developers can more easily learn about it.
To associate your repository with the zeek-ids topic, visit your repo's landing page and select "manage topics."