The Bro Network Security monitor is now...

Zeek

Security's best-kept open-source secret has a new name — Zeek. Read about the Zeek Project's reasons for the name change or watch the reveal.

Zeek and ye shall find!

Zeek

Scripts + Resources

Zeek packages / scripts

Corelight Sensors come pre-loaded with a set of the most popular and useful Zeek packages (a Zeek package is a script with metadata), to get you up and running in minutes. But sometimes you want to add extra functionality or customization. These Zeek scripts have been vetted and tested for performance by the Corelight team.

HTTP stalling detector script

Detects HTTP stalling DoS attacks, such as Slowloris.

Download
Top DNS script

Logs the top DNS requests at a configurable interval (15 min. default).

Download
JA3 script

Generates SSL client fingerprints and logs them as a new field in the ssl.log.

Download
Unknown MIME type discovery script

Logs files without known MIME types.

Download
Image for Zeek logs: a selection
Resource

Zeek logs: a selection

Contains a selection of the most popular Zeeks logs, alphabetized and formatted for easy reference. Also includes key SMB logs for Microsoft® platforms.

Download