Zeek has a long history in the open source and digital security worlds. Vern Paxson began developing the project in the 1990s under the name “Bro” as a means to understand what was happening on his university and national laboratory networks. Vern and the project’s leadership team renamed Bro to Zeek in late 2018 to celebrate its expansion and continued development. Zeek is not an active security device, like a firewall or intrusion prevention system. Rather, Zeek sits on a “sensor,” a hardware, software, virtual, or cloud platform that quietly and unobtrusively observes network traffic. Zeek interprets what it sees and creates compact, high-fidelity transaction logs, file content, and fully customized output, suitable for manual review on disk or in a more analyst-friendly tool like a security and information event management (SIEM) system.
Features
- Zeek (formerly Bro) is the world’s leading platform for network security monitoring
- Flexible, open source, and powered by defenders
- In-depth Analysis Zeek ships with analyzers for many protocols, enabling high-level semantic analysis at the application layer
- Adaptable and Flexible Zeek's domain-specific scripting language enables site-specific monitoring policies and means that it is not restricted to any particular detection approach
- Efficient Zeek targets high-performance networks and is used operationally at a variety of large sites
- Highly Stateful Zeek keeps extensive application-layer state about the network it monitors and provides a high-level archive of a network's activity
Project Samples
