Top 14 Zeek open source projects

Ivre
Network recon framework, published by @cea-sec & @ANSSI-FR. Build your own, self-hosted and fully-controlled alternatives to Shodan / ZoomEye / Censys and GreyNoise, run your Passive DNS service, collect and analyse network intelligence from your sensors, and much more!
Zeek
Zeek is a powerful network analysis framework that is much different from the typical IDS you may know.
zeek-plugin-tds
Zeek network security monitor plugin that enables parsing of the Tabular Data Stream (TDS) protocol
Zeek-Network-Security-Monitor
A Zeek Network Security Monitor tutorial that covers the basics of creating a Zeek instance on your network, including all of the necessary hardware and setup, and provides some examples of how you can use the power of Zeek to have absolute control over your network.
brimcap
Convert pcap files into richly-typed ZNG summary logs (Zeek, Suricata, and more)
zeek2es
A Python application to filter and transfer Zeek logs to Elastic/OpenSearch. This app can also output pure JSON logs to stdout for further processing!
graylog-zeek-content-pack
Bro/Zeek IDS content pack containing pipeline rules, a stream, a dashboard displaying interesting activity, and a syslog TCP input to capture and index Bro/Zeek logs coming from a remote sensor.
ivre
Network recon framework. Build your own, self-hosted and fully-controlled alternatives to Shodan / ZoomEye / Censys and GreyNoise, run your Passive DNS service, collect and analyse network intelligence from your sensors, and much more!
ansible-zeek
Set up Zeek, previously Bro IDS
zeek-plugin-s7comm
Zeek network security monitor plugin that enables parsing of the S7 protocol
MegaDev
Bro IDS + ELK Stack to detect and block data exfiltration