Telemetry that's rich, standardized, and profoundly connected

When a security alert fires or when you have a problem to investigate, Zeek® helps you find the problem—faster. It complements signature-based tools to help you rapidly trace complex events across multiple flows and protocols with ease, to quickly pinpoint and resolve security incidents.

You can do great things with Zeek evidence:

ig-site-icon-green-check Find threats before they become a breach or compromise ig-site-icon-green-check Stop exfiltration, ransomware, or C2 attacks before impact
ig-site-icon-green-check Speed attack investigation and remediation ig-site-icon-green-check Detect SSH client brute-force attacks
ig-site-icon-green-check Create custom Zeek logs to fingerprint connections ig-site-icon-green-check Detect lateral movement related to SMB and DCE-RPC traffic
ig-site-icon-green-check Use metadata for discovery and inventory   See more use cases

See how Zeek works

HubSpot Video

Use open source?
Corelight is Zeek made even better

  • Higher throughput speeds—100 Gbps+ network traffic in 1U
  • Built-in custom detections for C2, encrypted traffic
  • Rapid deployment by our responsive support team

Compare Corelight to Zeek

Top organizations use Zeek to:

Find rogue application deployments

Dramatically reduce incident response time

Identify and filter out false positives from their IDS

Correctly diagnose a DDoS attack

Expand hunting capabilities

Create custom detection scripts from the newfound visibility

Gain visibility into internal employee application usage

Watch Zeek logs 101

HubSpot Video
HubSpot Video
HubSpot Video
HubSpot Video
HubSpot Video
HubSpot Video
HubSpot Video
HubSpot Video
HubSpot Video
HubSpot Video
HubSpot Video

Free Zeek cheatsheets

A selection of our most popular log cheatsheets.