Corelight, Inc.'s repositories
ecs-mapping
Mapping Corelight or Zeek data to Elastic Common Schema fields
cve-2021-44228
Log4j Exploit Detection Logic for Zeek
log-add-http-post-bodies
Add POST body excerpt to Bro's HTTP log
json-tcp-lb
Line-based TCP load-balancing proxy.
ecs-logstash-mappings
Mapping Corelight or Zeek data to Elastic Common Schema logs
suricata_exporter
A Prometheus Exporter for Suricata
ecs-templates
Corelight or Zeek Elastic Common Schema Templates
icannTLD
Zeek script using the official ICANN Top-Level Domain (TLD) list with the Input Framework to extract the relevant information from a DNS query and mark whether it's trusted or not. The source of the ICANN TLDs can be found here: https://publicsuffix.org/list/effective_tld_names.dat. The Trusted Domains list is a custom list, created by the user, to filter domains during searches.
http-more-files-names
Add more filenames to files.log from HTTP requests
zeek-asyncrat-detector
A Zeek-based AsyncRAT malware detector.
zeek-notice-telegram
Send Notices as messages over Telegram
ExtendIntel
This package extends the Intel package to log more fields
terraform-aws-enrichment
Terraform for Corelight's AWS Cloud Enrichment.
terraform-aws-sensor
Terraform for Corelight's AWS Cloud Sensor Deployment.
terraform-azure-enrichment
Terraform for Corelight's Azure Cloud Enrichment.
terraform-azure-sensor
Terraform for Corelight's Azure Cloud Sensor Deployment.
terraform-gcp-enrichment
Terraform for Corelight's GCP Cloud Enrichment.
terraform-gcp-sensor
Terraform for Corelight's GCP Cloud Sensor Deployment.
Zeek-Endpoint-Enrichment-conn
Enrich the conn.log with EDR data
zeek-strrat-detector
A Zeek-based STRRAT malware detector.