The Bro Network Security monitor is now...


Security's best-kept open-source secret has a new name — Zeek. Read about the Zeek Project's reasons for the name change or watch the reveal.

Zeek and ye shall find!


How Zeek Works

What's Zeek?

It's the network data you wish you had.

When a security alert fires or when you have a problem to investigate, Zeek helps you find the problem—faster. It complements signature-based tools to help you rapidly trace complex events across multiple flows and protocols with ease, to quickly pinpoint and resolve security issues.

tracing logs

Zeek has a long, rich history that make it one of network security’s most powerful tools.

Hear our CEO Greg Bell recount the story and growth of Zeek:

Highly-structured real time network data.

If your typical response to alerts involves digging through piles of PCAP files or trying to piece together data through thin NetFlow records, there’s a better way. It’s Bro. Bro generates a wide range of rich network information, including logs for:

  • conn
  • capture loss
  • dce rpc
  • dhcp
  • dnp3
  • dns
  • dpd
  • files
  • ftp
  • http
  • intel
  • irc
  • kerberos
  • modbus
  • mysql
  • notice
  • ntlm
  • radius
  • rdp
  • sftp
  • sip
  • socks
  • smb
  • smtp
  • snmp
  • ssh
  • ssl
  • tunnel
  • weird
  • x509

Top organizations use Zeek to:

Find rogue application deployments