Zeek (Bro) Vulnerability Scan Detector
A vulnerability scan detection script for Zeek (Bro). This script simply detects the difference between a basic scan and a vulnerability scan by whether a reasonable amount of data was transferred on a few ports or many hosts in a short period of time.
Many thanks to ncsa/bro-simple-scan on which this script is based.
Usage
$ bro-pkg install https://github.com/fkmclane/bro-vuln-scan.git