An Open Source Network Security Monitoring Tool

Zeek (formerly Bro) is the world’s leading platform for network security monitoring. Flexible, open source, and powered by defenders.

ZEEK AND YE SHALL FIND

Those who know security use Zeek.

Zeek has a long history in the open source and digital security worlds. Vern Paxson began developing the project in the 1990s under the name “Bro” as a means to understand what was happening on his university and national laboratory networks. Vern and the project’s leadership team renamed Bro to Zeek in late 2018 to celebrate its expansion and continued development. 

Zeek is not an active security device, like a firewall or intrusion prevention system. Rather, Zeek sits on a “sensor,” a hardware, software, virtual, or cloud platform that quietly and unobtrusively observes network traffic. Zeek interprets what it sees and creates compact, high-fidelity transaction logs, file content, and fully customized output, suitable for manual review on disk or in a more analyst-friendly tool like a security and information event management (SIEM) system.

BY THE NUMBERS 50+ log files provided by default

3000+ underlying network events tracked

10,000+ deployments worldwide

2900+ GitHub stars

20+ years of federally-funded R&D

110+ community-contributed packages

Connect

Learn how to get involved in Zeek’s friendly and rapidly-growing community!

The project welcomes contributions of all kinds: documentation, code, feature requests, offers to spread the word about Zeek… even cupcakes!

Let’s talk.