While we’re in the process of developing a web site for the Bro Package Manager project, we’d like to share the packages we have collected so far. The package names and a short description are listed below.
Source: https://github.com/bro/packages
To learn how to use the Package Manager, see our documentation.
| Contributor | Package Name | Description |
|---|---|---|
| jsiwek | | An example Bro package for testing purposes |
| 0xxon | | PostgreSQL reader and writer for Bro |
| 0xxon | | Two-dimensional buckets for sumstats (count occurrences per $str) |
| Corelight | | Find and log long-lived connections into a “conn_long” log |
| dopheide | | Adds support for multi-notice correlation |
| dopheide | | The Linux VENOM rootkit |
| Hhzzk | | Detect DNS Tunnels attack |
| initconf | | Detection for Apache Struts recon and compromise |
| initconf | | Phish email analysis |
| initconf | | Scan-detection policies for Bro |
| j-gras | | Additional JSON-logging for Bro |
| j-gras | | This plugin provides native AF_Packet support for Bro |
| j-gras | | Extensions for Bro’s intelligence framework |
| joesecurity | | Extracts files from your internet connection and analyzes them automatically on Joe Sandbox |
| jonzeolla | | Modified version of scan.bro to add destination IP sampling |
| jswaro/tcprs – TCP | | TCP Retransmission and State Analyzer plugin for Bro |
| Ncsa | | A broctl plugin that helps you setup capture interfaces |
| pgaulon | | Bro Notices through Slack webhook |
| Scebro | | LDAP write operations analyzer for Bro |
| sethhall | | Packet source plugin that provides native Myricom SNF v3+v4 support |
| sethhall | | Detect credit card numbers in HTTP and SMTP with Bro |
| sethhall | | Bro script library for getting the effective TLD of a domain |
| sethhall | | Detect US Social Security numbers in HTTP and SMTP with Bro |
| srozb | | Find and notice DNS zone transfer attempts |
| theflakes | | Raise notices on outgoing files over X bytes in size |