Zeek
Zeek (formerly Bro) is an open-source network security monitor that can passively inspect network traffic for suspicious activity. It detects intrusions, malware, and policy violations and generates logs for network forensics and analysis.
Zeek (formerly Bro) Network Security Monitor
Open-source network security monitor detecting intrusions, malware, and policy violations with logs for network forensics and analysis
What is Zeek?
Zeek (formerly known as Bro) is an open-source network security monitor designed to detect suspicious traffic patterns and activities on networks. Developed by the National Center for Supercomputing Applications, Zeek passively monitors network traffic in real-time and generates logs for further analysis.
Some key capabilities and features of Zeek include:
- Traffic analysis - Zeek can analyze all types of traffic including HTTP, DNS, SMTP, SSH etc. for signs of intrusions, malware infections, compromised hosts, and more.
- Event logging - Zeek logs contain detailed records of all the events and activities it detects on the network like connections, files transferred, authentication attempts etc.
- Policy monitoring - Custom policies can be created to trigger specific actions when defined traffic patterns occur on the network.
- Scalability - Zeek is highly scalable and can monitor networks with very high traffic volumes and bandwidth.
- Customization - Zeek's event engine allows users to develop custom scripts and plugins using languages like C++ and Python to extend functionality.
Zeek generates rich log files which contain transaction details and can be used for in-depth investigations and forensic analysis. It is commonly used to detect attacks, malware infections, suspicious insider activities, performance issues and policy violations on corporate networks.
Zeek Features
Features
- Real-time traffic analysis
- Protocol analysis
- Custom protocol detection
- Dynamic protocol detection
- File extraction
- Asset tracking
- Anomaly detection
- Signature-based detection
Pricing
- Open Source
Pros
Open source and free
Powerful scripting capabilities
Large user community and support
Integrates well with other tools
Can handle high bandwidth
Good at detecting anomalies
Cons
Steep learning curve
Requires expertise to configure and customize
Generates large amounts of log data
Limited built-in reporting capabilities
Does not block attacks in real-time
Official Links
Reviews & Ratings
Login to ReviewThe Best Zeek Alternatives
View all Zeek alternatives with detailed comparison →
Top Security & Privacy and Network Monitoring and other similar apps like Zeek
Here are some alternatives to Zeek:
Suggest an alternative ❐
Suricata
Suricata is an open source intrusion detection and prevention system developed by the Open Information Security Foundation. It works by sniffing network traffic in real-time and running it against a set of predefined rules and signatures to identify potential threats and anomalies.Some key features of Suricata include:Real-time threat detection using...
Snort
Snort is a free and open-source network intrusion detection system (NIDS) and intrusion prevention system (IPS). It was created in 1998 by Martin Roesch and is now developed by Cisco. Snort analyzes network traffic in real-time and performs protocol analysis, content searching, and matching to detect a variety of attacks...
Arkime
Arkime is an open-source network traffic analyzer and packet capturing tool that enables real-time collection, indexing, and querying of network traffic. It supports high-bandwidth monitoring with capture rates up to 40 Gbps and unlimited capture sizes.Some key features of Arkime include:Real-time packet capture, filtering and storagePowerful query engine for fast...
LOKI Free IOC Scanner
LOKI Free IOC Scanner is a free, open-source IOC scanner for Windows systems. It allows users to scan their systems for Indicators of Compromise and detect potential malware infections. Some key features and details:Developed by Florian Roth as part of the Nextron Systems GmbH's scanner collectionScans for suspicious file hashes,...
Redborder
Redborder is an open-source network security software that aims to provide an all-in-one solution for small businesses. It includes features such as:Firewall - Filters incoming and outgoing network traffic based on rules.VPN - Allows remote users to securely access the internal network.Intrusion Detection/Prevention - Monitors network traffic and blocks or...
Maltrail
Maltrail is an open source malware analysis and intrusion detection system tool. It functions by capturing and analyzing network traffic to identify patterns of communication to known malicious domains, IP addresses, or other indicators of compromise.Maltrail operates by sniffing network traffic, extracting relevant data from IP and TCP payloads, and...
