Not only did the founders and engineers at Corelight build and extend Zeek over the last two decades, but we also continue to dedicate significant resources toward improving the platform. The rich structured and correlated data produced by Zeek is the result of hundreds of person-years of work by a dedicated group of developers and contributors, funded in part by the National Science Foundation and ICSI.
Over the years Corelight's developers have made many important contributions to the project, including:
This protocol analyzer parses and generates Microsoft® and Server Message Block (SMB) related logs, giving users visibility into a critical area of typical corporate network traffic related to events such as file sharing and printer access.
This protocol analyzer parses and generates logs related to the Kerberos network authentication protocol, which allows nodes in a network to authenticate and communicate over unsecured connections.
This protocol analyzer parses and generates logs related to the RADIUS authentication protocol, giving visibility into network events like user authentication attempts to access a corporate network.
This Zeek script gives incident responders early visibility into long-lived connections that would otherwise not be logged until the connection ends. It does this by generating a new Zeek log that reports on long connections while they are still in progress.
Zeek is a powerful framework, and as you’d expect with great power comes great…resource needs. From learning the Zeek framework to getting support and help when needed, open-source Zeek can be intense.
Corelight Sensors are an out-of-band solution that is ready to integrate into your network architecture. Sensors come pre-loaded with Zeek packages and automatic updates, and are supported by the team that created Zeek and continues to work on the open-source platform.