The Bro Network Security monitor is now...


Security's best-kept open-source secret has a new name— Zeek. Read about the Bro Project's reasons for the name change or watch the reveal.

Zeek and ye shall find!


How Bro Works

What's Bro?
It's the network data you wish you had.

When a security alert fires or when you have a problem to investigate, Bro helps you find the problem—faster. It complements signature-based tools to help you rapidly trace complex events across multiple flows and protocols with ease, to quickly pinpoint and resolve security issues.

tracing logs

Using Bro can completely change the job of incident response.

Hear our co-founder Seth Hall describe how:

picture of seth

Seth Hall, Chief Evangelist

Highly-structured real time network data.

If your typical response to alerts involves digging through piles of PCAP files or trying to piece together data through thin NetFlow records, there’s a better way. It’s Bro. Bro generates a wide range of rich network information, including logs for:

  • conn
  • capture loss
  • dce rpc
  • dhcp
  • dnp3
  • dns
  • dpd
  • files
  • ftp
  • http
  • intel
  • irc
  • kerberos
  • modbus
  • mysql
  • notice
  • ntlm
  • radius
  • rdp
  • sftp
  • sip
  • socks
  • smb
  • smtp
  • snmp
  • ssh
  • ssl
  • tunnel
  • weird
  • x509

Top organizations use Bro to:

Find rogue application deployments