-
# Summary #
Zeek's default of dropping responder packets is being overridden by the parser. Therefore, responder
packets are being logged; however, the originator and responder roles aren't switch…
-
When collecting traffic deeper within a network, a method to collect and view ARP traffic specifically, and other lower-level protocols (CDP, STP, iSCSI), may be useful as well. With the current impleme…
-
A test failed on a tracked branch
```
Error: expected [ { 'kibana.version': '8.8.0-SNAPSHOT',
'kibana.alert.rule.category': 'Indicator Match Rule',
'kibana.alert.rule.consumer': 'siem',
'…
```
-
## Issue
I have a pcap; when I run Suricata on it, it produces flows with CIDs.
When I run Zeek on it, and generate the CID of each Zeek flow using the pycommunityid library, some flows don't have the sa…
-
Hello,
I'm working on Slips IDS and it's consuming the `cps-collected-iocs.intel` feed from the master branch
https://raw.githubusercontent.com/CriticalPathSecurity/Zeek-Intelligence-Feeds/m…
-
It would be nice if the fields of a bitfield could be mapped into the parent scope:
```
type Foo = unit {
    b: bitfield(8) {
        x: 0..3;
        y: 4..7;
    };
};
```
For example, not naming the bitfield…
-
It would be helpful to export the loaded modules via the telemetry framework. Currently, it would be possible to export loaded scripts. However, this is quite fine-grained.
-
A user reported observing vlan ids > 4095, the tp_vlan_tci (tag control information) from the kernel contains the full vlan tag including Drop eligible indicator (DEI) and Priority code point (PCP), n…
-
# Daily Security News (2023-07-07)
- SecWiki News
- [ ] [SecWiki News 2023-07-06 Review](http://www.sec-wiki.com/?2023-07-06)
- HackerOne Hacker Activity
- [ ] [Banned user still able to be invited to reports as …
-
Two very popular open source programs (Zeek and Suricata) used as passive network sensors and Intrusion Detection Systems (IDS) have implemented a "Community Flow ID". This flow hash is a calculation…