An Open Source Network Security Monitoring Tool
ZEEK AND YE SHALL FIND
Those who know security use Zeek.
Zeek has a long history in the open source and digital security worlds. Vern Paxson began developing the project in the 1990s under the name “Bro” as a means to understand what was happening on his university and national laboratory networks. Vern and the project’s leadership team renamed Bro to Zeek in late 2018 to celebrate its expansion and continued development.
Zeek is not an active security device, like a firewall or intrusion prevention system. Rather, Zeek sits on a “sensor,” a hardware, software, virtual, or cloud platform that quietly and unobtrusively observes network traffic. Zeek interprets what it sees and creates compact, high-fidelity transaction logs, file content, and fully customized output, suitable for manual review on disk or in a more analyst-friendly tool like a security and information event management (SIEM) system.
3000+ underlying network events tracked
10,000+ deployments worldwide
2900+ GitHub stars
20+ years of federally-funded R&D
110+ community-contributed packages
Learn how to get involved in Zeek’s friendly and rapidly-growing community!
The project welcomes contributions of all kinds: documentation, code, feature requests, offers to spread the word about Zeek… even cupcakes!