Get Started
          ig-site-zeek-logs-interlinked

          Telemetry that's rich, standardized, and profoundly connected

          When a security alert fires or when you have a problem to investigate, Zeek® helps you find the problem—faster. It complements signature-based tools to help you rapidly trace complex events across multiple flows and protocols with ease, to quickly pinpoint and resolve security incidents.

          You can do great things with Zeek evidence:

          ig-site-icon-green-check Find threats before they become a breach or compromise ig-site-icon-green-check Stop exfiltration, ransomware, or C2 attacks before impact
          ig-site-icon-green-check Speed attack investigation and remediation ig-site-icon-green-check Detect SSH client brute-force attacks
          ig-site-icon-green-check Create custom Zeek logs to fingerprint connections ig-site-icon-green-check Detect lateral movement related to SMB and DCE-RPC traffic
          ig-site-icon-green-check Use metadata for discovery and inventory   See more use cases
           

          See how Zeek works

          vid-corelight-what-is-zeek-sans-getademo
          ig-site-zeek-comparison-table

          Use open source?
          Corelight is Zeek made even better

          • Higher throughput speeds—100 Gbps+ network traffic in 1U
          • Built-in custom detections for C2, encrypted traffic
          • Rapid deployment by our responsive support team

          Compare Corelight to Zeek

          Top organizations use Zeek to:

          Find rogue application deployments

          Dramatically reduce incident response time

          Identify and filter out false positives from their IDS

          Correctly diagnose a DDoS attack

          Expand hunting capabilities

          Create custom detection scripts from the newfound visibility

          Gain visibility into internal employee application usage

          Watch Zeek logs 101

          vid-zeek-connections-log-overview
          vid-zeek-dhcp-log-overview
          vid-zeek-dns-log-overview
          vid-zeek-files-log-overview
          vid-zeek-http-log-overview
          vid-zeek-smb-files-log-overview
          vid-zeek-smb-mapping-log-overview
          vid-zeek-ssh-log-overview
          vid-zeek-ssl-log-overview
          vid-zeek-suricata-log-overview
          vid-zeek-x509-log-overview

          Free Zeek cheatsheets

          A selection of our most popular log cheatsheets.
          ig-site-zeek-logs-cheatsheet-three-pages