Get Started

          Thousands of organizations around the world depend on the Zeek Network Security Monitor to illuminate and secure their networks, including:

          Amazon icon
          Emerson icon
          Mozilla icon

          Security possibilities limited only by your imagination.

          What if you could see every significant event on the wire and automate analysis and alerting tasks against any behaviors or indicator of compromise you wanted? With Zeek, you can do amazing things like:

          • Identify Cyrillic keyboard usage in your environment
          • Easily investigate and document unauthorized SMB file access events
          • Detect cryptocurrency mining traffic
          • And much, much more….

          See more use cases

          Cyrillic icon
          SMB icon
          Bitcoin icon
          Alert icon

          Case StudyFind out why Zeek is an unrivaled threat hunting tool.

          A law firm purchased Corelight to make Zeek deployment easy, and used their newfound network visibility to unlock new threat hunting capabilities.

          Download case study

          Image for Find out why Zeek is an unrivaled threat hunting tool.

          Join the data-first revolution in network security design.

          Leading security organizations use Zeek as the foundational layer in a network architecture that provides complete, actionable network visibility that can be deployed in any network environment and centralizes data in a common repository (e.g., a SIEM).

          Compared to network architectures where visibility is limited and decentralized, this data-first design pattern can dramatically accelerate security operations and analytics. Learn how.

          Government Security Stack

          Our family of sensors simplify deploying Zeek at any scale.

          CSO Magazine reviewed Corelight Sensors and called them “a network security person’s dream”, noting that Corelight “transforms network data adding value and detail that you won’t get anywhere else.” Read more.

          The features you wish open-source Zeek had.

          Clock icon
          Splunk icon
          Elastic icon
          Kafka icon
          Target icon
          • Simple 15 minute, plug-and-play deployments with intuitive web interface for configuration and sensor monitoring
          • Out-of-the-box integration with your favorite tools, like Splunk, Elastic, Kafka and more...
          • Activate Corelight-verified Zeek packages with one click for additional traffic insights, like cryptocurrency mining activity alerts
          • Easily filter out unneeded Zeek logs to control traffic volumes to your SIEM