SSIDS is a Zeek/Python (3) project. It stands for Standard Specification-based IDS, for Industrial Control Systems. This repository contains extracts of codes and aims at presenting the concept of …

A set of security datasets for testing of tools and algorithms

A completely automated anomaly detector Zeek network flows files (conn.log).

Slips, a free software behavioral Python intrusion prevention system (IDS/IPS) that uses machine learning to detect malicious behaviors in the network traffic. Stratosphere Laboratory, AIC, FEL, CV…

a collection of OT and ICS protocol parsers for Zeek

Zeek HART-IP Parser - CISA ICSNPP

Zeek Modbus Extension Scripts - CISA ICSNPP

Zeek Profinet I/O Context Manager Parser - CISA ICSNPP

Zeek parser for Synchrophasor Data Transfer for Power Systems (C37.118)

Zeek Ethernet/IP and CIP Parser - CISA ICSNPP

Zeek BSAP Parser - CISA ICSNPP

Zeek BACnet Parser - CISA ICSNPP

Zeek S7comm, S7comm-plus, and COTP Parser - CISA ICSNPP

Zeek GE SRTP Parser - CISA ICSNPP

Industrial Control Systems Network Protocol Parsers (ICSNPP) - Genisys over TCP/IP

Zeek Ethercat Parser - CISA ICSNPP

Zeek Extension to Collect Metadata for Profiling of Endpoints and Proxies

Zeek OPCUA Binary Parser - CISA ICSNPP

scan & visualize subnets

A Zeek package to detect CVE-2022-26937, a vulnerability in the Network Lock Manager (NLM) protocol in Windows NFS server.

HTTP Protocol Stack CVE-2021-31166

A Zeek JPEG File Analyzer

A Spicy protocol analyzer for WireGuard

ESnet SmartNIC firmware design repository.

OWAMP protocol analyzer plugin for Bro/Zeek

Prometheus Exporter for Zeek

ESnet SmartNIC hardware design repository.