Zeek

zeek.org
Zeek (formerly Bro) passively monitors network traffic and looks for suspicious activity.

Open Source

Zeek Source Code

Author

zeek

Description

Zeek is a powerful network analysis framework that is much different from the typical IDS you may know.

#bro #dfir #network-monitoring #nsm #pcap #security #zeek

Homepage

https://www.zeek.org

License

NOASSERTION

Created

06 Jul 12

Last Updated

29 Nov 24

Latest version

v7.1.0-dev

Primary Language

C++

Size

175,101 KB

Stars

6,489

Forks

1,223

Watchers

6,489

Recent Commits

  • zeek-bot (28 Nov 24)

    Update doc submodule [nomail] [skip ci]

  • Tim Wojtulewicz (27 Nov 24)

    Merge remote-tracking branch 'origin/topic/johanna/jq-guard' * origin/topic/johanna/jq-guard: Add TEST-REQUIRES: which jq to two new tests that are using jq

  • Johanna Amann (27 Nov 24)

    Add TEST-REQUIRES: which jq to two new tests that are using jq

  • Johanna Amann (27 Nov 24)

    Merge remote-tracking branch 'origin/topic/johanna/modbus-test-comment' * origin/topic/johanna/modbus-test-comment: Explain why modbus test does not work with the Spicy SSL analyzer

  • Johanna Amann (27 Nov 24)

    Explain why modbus test does not work with the Spicy SSL analyzer This took a _long_ time to figure out.

  • Johanna Amann (27 Nov 24)

    Merge remote-tracking branch 'origin/topic/johanna/sqlite-pragmas' * origin/topic/johanna/sqlite-pragmas: Options for SQLite log writer, eliminate duplicate definitions Test synchronous/journal mode options for SQLite log writer Added default options for synchronous and journal mode Support for synchronous and journal_mode

  • zeek-bot (27 Nov 24)

    Update doc submodule [nomail] [skip ci]

  • Arne Welzel (26 Nov 24)

    Merge remote-tracking branch 'origin/topic/awelzel/pluggable-cluster-backends-part2' * origin/topic/awelzel/pluggable-cluster-backends-part2: ci/test.sh: Run doctest with TZ=UTC cluster/setup-connections: Switch to Cluster::subscribe(), short-circuit broker cluster/serializer: Add Broker based event serializers cluster: Add Cluster scoped bifs Reporter: Add ScriptLocationScope helper init-bare/zeek-setup: Add Cluster::backend const &redef broker: Implement cluster::Backend interface Broker: Fix some error messages broker: Remove MakeEvent(ArgsSpan)

  • Johanna Amann (26 Nov 24)

    Options for SQLite log writer, eliminate duplicate definitions Patch provided by Arne Welzel, see GH-4063

  • Johanna Amann (26 Nov 24)

    Update 3dparty submodule [nomail]

  • Arne Welzel (26 Nov 24)

    Merge remote-tracking branch 'origin/topic/vern/zam-exception-leaks' * origin/topic/vern/zam-exception-leaks: More robust memory management for ZAM execution - fixes #4052

  • Vern Paxson (22 Nov 24)

    More robust memory management for ZAM execution - fixes #4052

  • Johanna Amann (26 Nov 24)

    Merge remote-tracking branch 'origin/topic/johanna/sqlite3.47.1' * origin/topic/johanna/sqlite3.47.1: Update SQLite to 3.47.1

  • Arne Welzel (26 Nov 24)

    Merge remote-tracking branch 'origin/topic/awelzel/deprecate-val-list-to-args' * origin/topic/awelzel/deprecate-val-list-to-args: ZeekArgs: Deprecate val_list_to_args()

  • Johanna Amann (26 Nov 24)

    Test synchronous/journal mode options for SQLite log writer Also adds some small tweaks and adds the new feature to NEWS.

  • Arne Welzel (13 Nov 24)

    ci/test.sh: Run doctest with TZ=UTC Broker's JSON serialization is TZ dependent (which seems a bug). For now do the same as we do in btest.cfg and run doctests with TZ set to UTC. Reported in zeek/broker#434.

  • Arne Welzel (13 Nov 24)

    cluster/setup-connections: Switch to Cluster::subscribe(), short-circuit broker For the time being, this is easiest, otherwise we'd need to conditionally load a broker-specific policy script based on Cluster::backend being set.

  • Arne Welzel (13 Nov 24)

    cluster/serializer: Add Broker based event serializers This adds the first event serializers that use broker functionality. Binary and JSON formats.

  • Arne Welzel (13 Nov 24)

    cluster: Add Cluster scoped bifs ... and a broker based test using Cluster::publish() and Cluster::subscribe().

  • Arne Welzel (26 Nov 24)

    Reporter: Add ScriptLocationScope helper

  • Arne Welzel (13 Nov 24)

    init-bare/zeek-setup: Add Cluster::backend const &redef

  • Arne Welzel (22 Nov 24)

    broker: Implement cluster::Backend interface

  • Arne Welzel (22 Nov 24)

    Broker: Fix some error messages

  • Arne Welzel (22 Nov 24)

    broker: Remove MakeEvent(ArgsSpan) This was added previously in the 7.1 cycle. Now that MakeEvent() was removed from cluster::Backend, there's no need for Broker to provide this version.

  • Mymaqn (30 Oct 24)

    Added default options for synchronous and journal mode Added enum options SQLITE_SYNCHRONOUS_DEFAULT and SQLITE_JOURNAL_MODE_DEFAULT and changed the default to be these instead.

  • Mymaqn (24 Oct 24)

    Support for synchronous and journal_mode

  • Johanna Amann (26 Nov 24)

    Update SQLite to 3.47.1

  • zeek-bot (23 Nov 24)

    Update doc submodule [nomail] [skip ci]

  • Arne Welzel (22 Nov 24)

    Merge remote-tracking branch 'origin/topic/awelzel/test-init-hooks-plugin' * origin/topic/awelzel/test-init-hooks-plugin: btest/plugins: Add a plugin testing Init and Done hooks

  • Arne Welzel (22 Nov 24)

    Merge remote-tracking branch 'origin/topic/awelzel/skip-core-expr-error' * origin/topic/awelzel/skip-core-expr-error: Disable core.expr-execption btest under ZAM to fix CI builds

Zeek Website

Website

The Zeek Network Security Monitor

Zeek (formerly Bro) is the world’s leading platform for network security monitoring. Flexible, open source, and powered by defenders.

Redirects

Does not redirect

Security Checks

All 66 security checks passed

Server Details

  • IP Address 192.0.78.212
  • Location San Francisco, California, United States of America, NA
  • ISP Automattic Inc
  • ASN AS2635

Associated Countries

  • US

Safety Score

Website marked as safe

100%

Blacklist Check

zeek.org was found on 0 blacklists

  • ThreatLog
  • OpenPhish
  • PhishTank
  • Phishing.Database
  • PhishStats
  • URLhaus
  • RPiList Not Serious
  • AntiSocial Blacklist
  • PhishFeed
  • NABP Not Recommended Sites
  • Spam404
  • CRDF
  • Artists Against 419
  • CERT Polska
  • PetScams
  • Suspicious Hosting IP
  • Phishunt
  • CoinBlockerLists
  • MetaMask EthPhishing
  • EtherScamDB
  • EtherAddressLookup
  • ViriBack C2 Tracker
  • Bambenek Consulting
  • Badbitcoin
  • SecureReload Phishing List
  • Fake Website Buster
  • TweetFeed
  • CryptoScamDB
  • StopGunScams
  • ThreatFox
  • PhishFort

About the Data: Zeek

API

You can access Zeek's data programmatically via our API. Simply make a GET request to:

https://api.awesome-privacy.xyz/networking/intrusion-detection/zeek

The REST API is free, no-auth and CORS-enabled. To learn more, view the Swagger Docs or read the API Usage Guide.

About the Data

Beyond the user-submitted YAML you see above, we also augment each listing with additional data dynamically fetched from several sources. To learn more about where the rest of the data included on this page comes from, and how it is computed, see the About the Data section of our About page.
