Zeek Community

Over the years Corelight's developers have made many important contributions to the project, including:

SMB analyzer

This protocol analyzer parses and generates Microsoft^® and Server Message Block (SMB) related logs, giving users visibility into critical area of typical corporate network traffic related to events such as file sharing and printer access.

Kerberos analyzer

This protocol analyzer parses and generates logs related to the Kerberos network authentication protocol, which allows nodes in a network to authenticate and communicate over unsecured connections.

RADIUS analyzer

This protocol analyzer parses and generates logs related to the RADIUS authentication protocol, giving visibility into network events like user authentication attempts to access a corporate network.

Long connections script

This Zeek script gives incident responders early visibility into long-lived connections that would otherwise not be logged until the connection ends. It does this by generating a new Zeek log that reports intermediately on long connections.

It’s hard to run open-source Zeek in an enterprise environment.

Zeek is a powerful framework, and as you’d expect with great power comes great…resource needs. From learning the Zeek framework to getting support and help when needed, open-source Zeek can be intense.

Corelight is Zeek made enterprise-ready.

Corelight Sensors are an out-of-band solution that are ready to integrate into your network architecture. Sensors come pre-loaded with Zeek packages, automatic updates, and are supported by the team who created Zeek and continues to work on the open-source platform.

Corelight makes Zeek easy.

Compare Corelight to an open-source deployment. Or, contact us to learn more about our products.