The Bro Network Security monitor is now...

Security's best-kept open-source secret has a new name — Zeek. Read about the Zeek Project's reasons for the name change or watch the reveal.

Zeek and ye shall find!

What's Zeek?

It's the network data you wish you had. See Zeek data.

When a security alert fires or when you have a problem to investigate, Zeek helps you find the problem—faster. It complements signature-based tools to help you rapidly trace complex events across multiple flows and protocols with ease, to quickly pinpoint and resolve security issues.

Zeek has a long, rich history that makes it one of network security’s most powerful tools.

Hear our CEO Greg Bell recount the story and growth of Zeek:

Highly structured, real-time network data.

If your typical response to alerts involves digging through piles of PCAP files or trying to piece together data through thin NetFlow records, there’s a better way. It’s Zeek. Zeek generates a wide range of rich network information, including logs for:

  • conn
  • capture loss
  • dce rpc
  • dhcp
  • dnp3
  • dns
  • dpd
  • files
  • ftp
  • http
  • intel
  • irc
  • kerberos
  • modbus
  • mysql
  • notice
  • ntlm
  • radius
  • rdp
  • sftp
  • sip
  • socks
  • smb
  • smtp
  • snmp
  • ssh
  • ssl
  • tunnel
  • weird
  • x509

Top organizations use Zeek to:

Find rogue application deployments