Thousands of organizations around the world depend on the Zeek Network Security Monitor to illuminate and secure their networks, including:

Amazon icon
Emerson icon
Mozilla icon

Security possibilities limited only by your imagination.

What if you could see every significant event on the wire and automate analysis and alerting tasks against any behaviors or indicator of compromise you wanted? With Zeek, you can do amazing things like:

  • Identify Cyrillic keyboard usage in your environment
  • Easily investigate and document unauthorized SMB file access events
  • Detect cryptocurrency mining traffic
  • And much, much more….

See more use cases

Cyrillic icon
SMB icon
Bitcoin icon
Alert icon

Case StudyFind out why Zeek is an unrivaled threat hunting tool.

A law firm purchased Corelight to make Zeek deployment easy, and used their newfound network visibility to unlock new threat hunting capabilities.

Download case study

Image for Find out why Zeek is an unrivaled threat hunting tool.

Join the data-first revolution in network security design.

Leading security organizations use Zeek as the foundational layer in a network architecture that provides complete, actionable network visibility that can be deployed in any network environment and centralizes data in a common repository (e.g., a SIEM).

Compared to network architectures where visibility is limited and decentralized, this data-first design pattern can dramatically accelerate security operations and analytics. Learn how.

Government Security Stack

Our family of sensors simplify deploying Zeek at any scale.

CSO Magazine reviewed Corelight Sensors and called them “a network security person’s dream”, noting that Corelight “transforms network data adding value and detail that you won’t get anywhere else.” Read more.

The features you wish open-source Zeek had.

Clock icon
Splunk icon
Elastic icon
Kafka icon
Target icon
  • Simple 15 minute, plug-and-play deployments with intuitive web interface for configuration and sensor monitoring
  • Out-of-the-box integration with your favorite tools, like Splunk, Elastic, Kafka and more...
  • Activate Corelight-verified Zeek packages with one click for additional traffic insights, like cryptocurrency mining activity alerts
  • Easily filter out unneeded Zeek logs to control traffic volumes to your SIEM