Content Packs

Tagged by 'intrusion-detection'.

BRO/Zeek IDS Logs
Content Pack

BRO IDS content pack contains pipeline rules, a stream, a dashboard displaying interesting activity, and a syslog tcp input to capture and index BRO logs coming from a Security Onion sensor.
- stream
- input
- dashboard
- ids
- BRO
- Intrusion-Detection
- Zeek
alias454

free!

Not found what you are looking for? Let us know what you'd like to see in the Marketplace!

Content Pack
GELF Library
Other Solutions
Plugin

2.0
3.0
3.1
8.1
9.0
aaa
accesslog
accesspoint
Active
ActiveDirectory
ActiveDirectoryFederationServices
activemq
AD
ADFS
aggregate
aggregation
agregation
Airlock
alarm
alarmcallback
alarms
alert
alerting
alertmanager
alert-rules
alerts
alphasoc
AMQP
anomalies
ansible
Anti-Virus
apache
apache2
appender
appender_amqp
appender_graylog2
apple
application
Application Whitelisting
APT
archive
arcsight
ASA
ASM
asset
Asterisk
audit
auth
automation
aws
azlog
Azure
backup
Backup and
backupexec
barracuda
basic
beats
benchmark
BIG-IP
bind
bit9
blacklist
BlueCoat
boilerplate
BRO
buffering
bunyan
c
c#
c++
cache_data_adapter
Cacti
callback
carbonblack
ca single sign-on
cassandra
catalyst
categorize
cef
Centos
centos7
cert
chat
check
chef
child
chunking
cisco
citrix
cli
client
cloudtrail
cocoa
collector
command
common
composer
condition
conditional
configuration
configuration-management
console
containers
Content
content pack
conversion
coreos
correlation
count
crates.io
csv
Cylance
dashboard
data
data adapter
database
databse
datadog
Data_retention
db
decimal
defense
delimited
Dell
Deployment
DHCP
Dialplan
Digium
Directory
dlang
dmz
dns
dnstap
docker
dotnet
dotnet-core
dropwizard
dvs
edgerouter
elastic
elasticsearch
elixir
encrypted
endpoint
enrichment
enterpriseprotection
erlang
ESXi
European_Union
event
eventlog
eventlogs
event-notification
export
extended
Extractor
f#
F5
fail2ban
falco
file
filebeat
filewriter
filter
firepower
firesight
Firewall
Firewall Syslog
flowframework
fluentd
follow
Foreman
Fortigate
Fortinet
forwarder
framework
Freeradius
fstrm
FTP
fun
function
ganglia
gateways
gelf
gelfpro
gitlab
Glances
GLPI
go
golang
good
grafana
graphite
graylog
Graylog3
graylog-collector
graylog-plugin
GROK
groupby
grouper
GUI
guide
hadoop
handler
hapi
haproxy
hardware
Hashicorp
HDFS
heroku
hex
hids
hipchat
hMailServer
hostd
http
httpd
http gelf
huawei
hubot
hypervisor
ica
icinga
icinga2
ids
incident
influxdb
infoblox
input
interface
internal
Intrusion-Detection
inventory
ios
iot
ips
iptables
ise
jabber
java
java.util.logging
JBossAS
jbosseap
jdbc
jira
jms
jmx
journal
journald
json
Juniper
Junos
jvm
kafka
knotdns
kubernetes
language-integration
laravel
layout
librato
line
linux
log
log4j
log4j2
log4js
log4net
log4perl
log4php
log-alert
logback
logger
logging
logical
logrus
logs
logstash-forwarder
Lookuptable
lumberjack
mac
mail
Malware
ManageEngine
management
Manager
matomo
meraki
message
metrics
MGE
microsoft-teams
misp
modsecurity
mongodb
monitoring
mono
monolog
multi-tenancy
mysql
nagios
nagiosplugin
nats
nats-streaming
naver-line
neo4j
neoscms
net
.net
netcore
.netcore
netflow
netscaler
netstandard
.netstandard
netty
network
Nexmo
nfr
NGFW
nginx
Nlog
node
nodejs
node.js
normalization
notification
notifications
npm
nsq
nxfilter
nxlog
objective-c
office365
Openshift
opensource
openssh
openstack
openwire
OperatingSystem
operator
OPNSense
opsgenie
Oracle
orchestration
ossec
osx
output
ovh
PABX
Pack
packetbeat
pagerduty
PAN
PANOS
parent
parse
Password
pattern
PBX
performance
perl
pfsense
phoenix
PHP
pipeline
pipeline-processor
piwik
play
playbook
playframework
Plesk
plivo
plugin
pluging
PMP
poll
polling
postgres
postgresql
PowerShell
priority-events
profiler
proftpd
prometheus
Proxy
pt_br
pulsesecure
pushover
python
qt
quick-values
quill
rabbit
rabbitMQ
Radius
RaidenFTPD
rails
raw
rb
rdbms
realtime
redis
Redmine
relationship
Replication
report
resolve
rest-api
rest-api-monitor
restcomm
rhel
rhel7
riemann
RIPEATLAS
router
RStudio
rsyslog
ruby
rubyonrails
Ruckus
rule
rundeck
Rust
saas
SaltStack
scala
script
Security
selinux
sensu
sentinel
SEPM
server
sfr
shell
shiny
sidecar
sidekiq
simple-notification-service
SIP
siteminder
slack
slf4j
slookup
SmartZone
sms
SMTP
snmp
snort
sns
SonicOS
SonicWall
Sophos
space
splunk
Squid
Squid3
ssh
sshd
ssl
SSLV
sso
starter-kit
statsd
stdout
stealthwatch
stream
streams
structuredlogs
suricata
swift
switch
symantec
syslog
syslog-ng
systemd
tail
target
tcp
td-agent
teams
teamspeak
telegraf
telegram
telephony
terms
The foreman
threat
time
tinylog
tls
to disk
tomcat
topbeat
Topdesk
traffic
transport
traps
Trunk
tsv
twilio
twisted
typo3flow
Ubiquiti
ubiquity
udp
UFW
unbound
unifii
Unix
unomaly
Untangle
UPS
usom
UTM
Vault
vb
vcenter
Veeam
veritas
vim.events
virtual
virtualization
visualization
vmon
VMware
vmware_extractors
VoIP
VPN
vpxd
WAF
watchguard
wazuh
wcf
weather
web
Web-Gateway
web-plugin
websense
website-monitor
Whitelisting
widget
wifi
WildFly
Windows
winlogbeat
winston
wireless
wizard
wlc
workers
xenserver
XG
xmpp
yii2
zabbix
Zeek
zeromq
Zimbra

Content Packs

BRO/Zeek IDS Logs

Content Pack

Types

Tags