Zeek (formerly known as Bro) is a powerful framework for network traffic analysis and security monitoring.
Zeek also supports a wide range of traffic analysis tasks beyond the security domain, including performance measurement and troubleshooting.
Zeek runs on commodity hardware and hence provides a low-cost alternative to expensive proprietary solutions.
This is free and open source software.
Key Features
- In-depth Analysis Zeek ships with analyzers for many protocols, enabling high-level semantic analysis at the application layer.
- Adaptable and Flexible Zeek’s domain-specific scripting language enables site-specific monitoring policies and means that it is not restricted to any particular detection approach.
- Efficient Zeek targets high-performance networks and is used operationally at a variety of large sites.
- Highly Stateful Zeek keeps extensive application-layer state about the network it monitors and provides a high-level archive of a network’s activity.
- Built-in functionality for a range of analysis and detection tasks, including extracting files from HTTP sessions, detecting malware by interfacing to external registries, reporting vulnerable versions of software seen on the network, identifying popular web applications, detecting SSH brute-forcing, validating SSL certificate chains, and much more.
- Fully customizable and extensible platform for traffic analysis. Zeek provides users a domain-specific, Turing-complete scripting language for expressing arbitrary analysis tasks
Website: zeek.org
Support: Documentation, GitHub Code Repository
Developer: The Regents of the University of California through the Lawrence Berkeley National Laboratory and the International Computer Science Institute
License: BSD License
Zeek is written in C++. Learn C++ with our recommended free books and free tutorials.
Related Software
| Network Intrusion Detection Systems | |
|---|---|
| Snort | Intrusion detection/prevention with real-time traffic analysis/packet logging |
| Suricata | High performance Network IDS, IPS and Network Security Monitoring engine |
| Zeek | (formerly Bro) Powerful network analysis framework |
| Mailtrail | Lightweight malicious traffic detection system |
| Security Onion | Platform built by defenders for defenders |
| Kismet | Wireless intrusion detection, wireless network and device detector, and more |
| psad | Intrusion detection and log analysis with iptables |
| Sagan | Multi-threads, high performance log analysis engine |
Read our verdict in the software roundup.
 Explore our comprehensive directory of recommended free and open source software. Our carefully curated collection spans every major software category.This directory is part of our ongoing series of informative articles for Linux enthusiasts. It features hundreds of detailed reviews, along with open source alternatives to proprietary solutions from major corporations such as Google, Microsoft, Apple, Adobe, IBM, Cisco, Oracle, and Autodesk. You’ll also find interesting projects to try, hardware coverage, free programming books and tutorials, and much more. Discovered a useful open source Linux program that we haven’t covered yet? Let us know by completing this form. |