Zeek®
With more than 10,000 deployments worldwide, Zeek® is the world's most widely used network security monitoring platform and is the foundation for Corelight evidence.
The gold standard for network monitoring
Zeek transforms network traffic into compact, high-fidelity transaction logs, allowing defenders to understand activity, detect attacks, and respond to them. Zeek sits out-of-band, on-prem or in the cloud. It gathers metadata and extracted files, and formats everything for input into any SIEM or XDR. Zeek provides the evidence that is foundational to Corelight’s Open NDR Platform.
How it works
- Enterprise-grade sensors in every form factor
- Built-in integrations with IDS and Smart PCAP
- Fully supported by the Corelight team
- Monitoring at 100 Gbps+
- Constantly improved with research from Corelight Labs
Free Zeek cheatsheets
A selection of cheatsheets for understanding what’s in Zeek metadata.
Close the case on ransomware
In high-stakes ransomware investigations, many security teams are unable to answer key questions and default to worst-case assumptions. With complete visibility from Corelight, teams can avoid costly overreactions. One customer, when confronted with a $10 million ransomware demand, used Corelight to prove that the exfiltrated data being held for ransom had no real value and to provide legal air cover for refusing to pay the ransom.