Compare to open source Zeek

Corelight makes Zeek easier, faster, and even more powerful.

Minutes not months to full-scale Zeek deployment. Powerful encrypted insights that go well beyond JA3. Up to ten times the peak analysis throughput per sensor. Enterprise support from the people who wrote Zeek.

| Features & Benefits | Corelight | Open-source Zeek |
| --- | --- | --- |
| SENSORS | | |
| Physical Sensors | Yes | DIY hardware purchase/build |
| Virtual Sensors for VMware & Hyper-V | Yes | No |
| Cloud Sensors for AWS, Azure, GCP | Yes | No |
| Binary Sensors for containers & Linux environments | Yes | DIY manual configuration |
| ENCRYPTED INSIGHTS | | |
| Corelight Encrypted Traffic Collection | Yes | No |
| JA3 / JA3S | Yes | Yes |
| HASSH | Yes | Yes |
| SURICATA | | |
| Natively integrated | Yes | No |
| PERFORMANCE | | |
| 25+ Gbps per 1U sensor | Yes | 3-4 Gbps max per sensor cluster |
| Optimized file extraction (10,000+ files/minute) | Yes | No |
| Performance monitoring | Yes | No |
| < 1% packet loss rate | Yes | Variable, risk of > 50% loss |
| MANAGEMENT | | |
| Deployed in <15 minutes | Yes | Deployment takes weeks to months |
| Web management interface | Yes | Command line only |
| Automatic software updates | Yes | Manual |
| Fleet management for up to 250 sensors | Yes | No |
| Comprehensive sensor health monitoring | Yes | No |
| RESTful API support | Yes | No |
| 1-click package installation | Yes | Manual |
| DATA EXPORT | | |
| Export integration with SIEMs | Yes | Manual integration |
| Kafka, syslog, Amazon Kinesis, Apache Avro, SFTP | Yes | Writes to files on disk |
| Default log streaming | Yes | Manual |
| Log stream forking to multiple destinations | Yes | No |
| DATA CONTROL | | |
| Log data reduction mode (30-50% reduction) | Yes | No |
| Filter by log type and contents | Yes | Manual |
| Filter by file type | Yes | No |
| Traffic shunting for large & long running flows | Yes | No |
| SECURITY & SUPPORT | | |
| Jailed processes | Yes | No |
| FIPS 140-2 | Yes | No |
| Automatic security updates | Yes | No |
| Disk encryption | Yes | Manual |
| 24/7 enterprise support from Zeek experts | Yes | No |
| ZEEK FUNCTIONALITY | | |
| Logging | Yes | Yes |
| File extraction | Yes | Yes |
| Package manager | Yes | Yes |
| Zeek Intel Framework | Yes | Yes |
| Zeek Input Framework | Yes | Yes |
| Zeek NetControl Framework | No | Yes |
| Zeek Notice Framework | Yes | Yes |
| Zeek PCAP Ingestion | Yes | Yes |