Add Kerberos ticket hashes to the krb.log
policy/protocols/modbus/known-masters-slaves.bro
policy/protocols/http/var-extraction-uri.bro