Zeek / Bro Community

Over the years Corelight's developers have made many important contributions to the project, including:

SMB Analyzer

This protocol analyzer parses and generates Microsoft ^® and Server Message Block (SMB) related logs, giving users visibility into critical area of typical corporate network traffic related to events such as file sharing and printer access.

Kerberos Analyzer

This protocol analyzer parses and generates logs related to the Kerberos network authentication protocol, which allows nodes in a network to authenticate and communicate over unsecured connections.

RADIUS Analyzer

This protocol analyzer parses and generates logs related to the RADIUS authentication protocol, giving visibility into network events like user authentication attempts to access a corporate network.

Long Connections Script

This Zeek / Bro script gives incident responders early visibility into long-lived connections that would otherwise not be logged until the connection ends. It does this by generating a new Zeek / Bro log that reports intermediately on long connections.

It’s hard to run open-source Zeek / Bro in an enterprise environment.

Zeek / Bro is a powerful framework, and as you’d expect with great power comes great…resource needs. From learning the Zeek / Bro framework to getting support and help when needed, open-source Zeek / Bro can be intense.

Corelight is Zeek / Bro plus awesome features.

On the other hand, Corelight is Zeek / Bro in an appliance. It comes as an out-of-band solution that’s ready to integrate into your network architecture. Corelight Sensors come pre-loaded with Zeek / Bro packages, automatic updates, and are supported by the team who created Zeek / Bro and continues to work on the open-source platform.

Corelight makes Zeek / Bro easy.

Compare Corelight to an open-source deployment. Or, contact us to learn more about our products.