We're committed to providing users with access to the richest stream of network detection and response data possible. Here you'll find parsers for new protocols, data analyzers, malware detectors, supporting documentation, and more.
Collections of scripts and plug-ins created for Corelight Sensors that detect malicious behaviors and expand on Zeek data.
C2 Collection - Detection for over 50 types of command and control activity
Encrypted Traffic Collection - Unique insights to investigate encrypted traffic present on most networks
Core Collection - Expanded insights for monitoring high-throughput sites for port scanning, cryptomining, and more
Zeek open source packages
JPEG File Analyzer - Logs additional information about JPEG images
ELF File Analyzer - Logs additional information about ELF based executable files
RedXOR C2 Detector - Detects RedXOR malware by looking for its command and control network traffic
Zerologon Detector - Detects network traffic specific to the Zerologon vulnerability (CVE-2020-1472)
Query the full list of Zeek packages:
Zeek open source enhancements
ECS Mappings for Zeek
Ansible Roles for supporting Corelight sensors
Spicy Protocol Parsers