The Bro Network Security monitor is now...

Zeek

Security's best-kept open-source secret has a new name: Zeek. Read about the Bro Project's reasons for the name change or watch the reveal.

Zeek and ye shall find!

Zeek
Scripts + Resources

Bro scripts

Corelight Sensors come pre-loaded with a set of the most popular and useful Bro scripts to get you up and running in minutes. But sometimes you want to add extra functionality or customization. These Bro scripts have been vetted and tested for performance by the Corelight team.

HTTP stalling detector script

Detects HTTP stalling DoS attacks, such as Slowloris.

Top DNS script

Logs the top DNS requests at a configurable interval (15 min. default).

JA3 script

Generates SSL client fingerprints and logs them as a new field in ssl.log.

Unknown MIME type discovery script

Logs files without known MIME types.

Resource

Bro logs: a selection

Contains a selection of the most popular Bro logs, alphabetized and formatted for easy reference. Also includes key SMB logs for Microsoft® platforms.

Resource

Microsoft Bro logs

Microsoft® files remain a key element of many enterprises. Understanding traffic over SMB can be critical to incident response, and Bro gives you what you need.
