Get Started

          Zeek / Bro Community

          Dedicated to Zeek / Bro for over 20 years.

          Not only did the founders and engineers at Corelight build and extend Zeek / Bro over the last two decades, we continue to dedicate significant resources toward improving the platform. The rich structured and correlated data produced by Zeek / Bro is the result of hundreds of person-years of work by a dedicated group of developers and contributors, funded in part by the National Science Foundation and ICSI.

          Vern Paxson - Zeek Inventor

          Corelight was co-founded by Zeek’s / Bro’s inventor, Vern Paxson, and lead open-source Zeek developers, Robin Sommer and Seth Hall, to meet market demand for a commercial Zeek sensor.

          Over the years Corelight's developers have made many important contributions to the project, including:

          SMB Analyzer

          This protocol analyzer parses and generates Microsoft ® and Server Message Block (SMB) related logs, giving users visibility into critical area of typical corporate network traffic related to events such as file sharing and printer access.

          Kerberos Analyzer

          This protocol analyzer parses and generates logs related to the Kerberos network authentication protocol, which allows nodes in a network to authenticate and communicate over unsecured connections.

          RADIUS Analyzer

          This protocol analyzer parses and generates logs related to the RADIUS authentication protocol, giving visibility into network events like user authentication attempts to access a corporate network.

          Long Connections Script

          This Zeek / Bro script gives incident responders early visibility into long-lived connections that would otherwise not be logged until the connection ends. It does this by generating a new Zeek / Bro log that reports intermediately on long connections.

          Vern Paxson

          Vern Paxson

          Chief Scientist

          Inventor of Zeek / Bro

          Robin Sommer

          Robin Sommer

          CTO

          Lead open-source Zeek / Bro developer

          Seth Hall

          Seth Hall

          Chief Evangelist

          Lead open-source Zeek / Bro developer

          Corelight was created to take the complexity out of Zeek / Bro deployment. Our products are up and running in about 15 minutes on your network.

          It’s hard to run open-source Zeek / Bro in an enterprise environment.

          Zeek / Bro is a powerful framework, and as you’d expect with great power comes great…resource needs. From learning the Zeek / Bro framework to getting support and help when needed, open-source Zeek / Bro can be intense.

          Corelight is Zeek / Bro plus awesome features.

          On the other hand, Corelight is Zeek / Bro in an appliance. It comes as an out-of-band solution that’s ready to integrate into your network architecture. Corelight Sensors come pre-loaded with Zeek / Bro packages, automatic updates, and are supported by the team who created Zeek / Bro and continues to work on the open-source platform.

          Corelight makes Zeek / Bro easy.

          Compare Corelight to an open-source deployment. Or, contact us to learn more about our products.

          Corelight bro comparison

          Get involved with the Zeek / Bro project.

          Start now at zeek.org.

          The Zeek / Bro open-source community website is the hub for Zeek-related activities, including:

          • Recent Zeek / Bro releases and scripts
          • Research in development
          • Tutorials and FAQs
          • Community boards
          • Videos
          Zeek / Bro project

          Attend a Zeek / Bro meetup.

          Zeek / Bro users love to get together and talk about new developments and capabilities. Check here for information on upcoming Zeek / Bro meetups, and if you'd like to host your own, let us know!

          Attend a Zeek / Bro meetup.