Zeek


Unix-based network security monitoring framework

Original author(s): Vern Paxson
Initial release: 24 January 1998
Stable release: 7.0.0 / 11 July 2024
Repository: github.com/zeek/zeek
Written in: C++
Operating system: Linux, FreeBSD, macOS
Type: Network intrusion detection system
License: BSD license
Website: zeek.org

Zeek is a free and open-source software network analysis framework. Vern Paxson began development work on Zeek in 1995 at Lawrence Berkeley National Lab. Zeek is a network security monitor (NSM) but can also be used as a network intrusion detection system (NIDS). The Zeek project releases the software under the BSD license.

Output

Zeek's purpose is to inspect network traffic and generate a variety of logs describing the activity it sees. A complete list of log files is available at the project documentation site.

Log example

The following is an example of one entry in JSON format from the conn.log:

    {
      "ts": 1554410064.698965,
      "uid": "CMreaf3tGGK2whbqhh",
      "id.orig_h": "192.168.144.130",
      "id.orig_p": 64277,
      "id.resp_h": "192.168.144.2",
      "id.resp_p": 53,
      "proto": "udp",
      "service": "dns",
      "duration": 0.320463,
      "orig_bytes": 94,
      "resp_bytes": 316,
      "conn_state": "SF",
      "missed_bytes": 0,
      "history": "Dd",
      "orig_pkts": 2,
      "orig_ip_bytes": 150,
      "resp_pkts": 2,
      "resp_ip_bytes": 372,
      "tunnel_parents": []
    }

Threat hunting

One of Zeek's primary use cases involves cyber threat hunting.

Name

The principal author, Paxson, originally named the software "Bro" as a warning regarding George Orwell's Big Brother from the novel Nineteen Eighty-Four. In 2018 the project leadership team decided to rename the software. At LBNL in the 1990s, the developers ran their sensors as a pseudo-user named "zeek", thereby inspiring the name change in 2018.

Zeek deployment

Security teams identify locations on their network where they desire visibility. They deploy one or more network taps or enable switch SPAN ports for port mirroring to gain access to traffic. They deploy Zeek on servers with access to those visibility points. The Zeek software on the server decodes network traffic into logs, writing them to local disk or remote storage.

Zeek application architecture and analyzers

Zeek's event engine analyzes live or recorded network traffic to generate neutral event logs. Zeek uses common ports and dynamic protocol detection (involving signatures as well as behavioral analysis) to identify network protocols.

Developers write Zeek policy scripts in the Turing-complete Zeek scripting language. By default Zeek logs information about events to files, but analysts can also configure Zeek to take other actions, such as sending an email, raising an alert, executing a system command, updating an internal metric, or calling another Zeek script.

Zeek analyzers perform application layer decoding, anomaly detection, signature matching and connection analysis. Zeek's developers designed the software to incorporate additional analyzers. The latest method for creating new protocol analyzers relies on the Spicy framework.

External links

The Zeek Network Security Monitor
"Bro: A System for Detecting Network Intruders in Real-Time" – Vern Paxson
Zeek Nedir? Nasıl Kurulur? – KernelBlog Emre Yılmaz (in Turkish)
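The conn.log entry from the Log example section, parsed and interpreted in Python as a practitioner would when hunting over JSON logs; this is an added example, not code from the article or the Zeek project. The conn_state and history mappings follow Zeek's documented conn.log semantics, while the DNS response-size threshold and the flag names are assumptions for illustration.

```python
import json

# The conn.log entry from the Log example section, as the single JSON line Zeek writes
# when JSON logging is enabled (values copied from the article, not captured here).
SAMPLE_LINE = ('{"ts":1554410064.698965,"uid":"CMreaf3tGGK2whbqhh",'
               '"id.orig_h":"192.168.144.130","id.orig_p":64277,'
               '"id.resp_h":"192.168.144.2","id.resp_p":53,"proto":"udp","service":"dns",'
               '"duration":0.320463,"orig_bytes":94,"resp_bytes":316,"conn_state":"SF",'
               '"missed_bytes":0,"history":"Dd","orig_pkts":2,"orig_ip_bytes":150,'
               '"resp_pkts":2,"resp_ip_bytes":372,"tunnel_parents":[]}')

# Subset of the conn_state codes documented for Zeek's conn.log.
CONN_STATE = {"SF": "normal establishment and termination",
              "S0": "connection attempt seen, no reply",
              "S1": "established, not terminated",
              "REJ": "connection attempt rejected",
              "OTH": "no SYN seen, midstream traffic only"}

# history letters: uppercase = originator, lowercase = responder.
HISTORY = {"s": "SYN", "h": "SYN-ACK", "a": "ACK", "d": "payload data", "f": "FIN",
           "r": "RST", "c": "bad checksum", "t": "retransmission", "g": "content gap"}

def describe_history(history: str) -> list:
    """Expand e.g. 'Dd' into ['originator payload data', 'responder payload data']."""
    return [f"{'originator' if ch.isupper() else 'responder'} "
            f"{HISTORY.get(ch.lower(), 'unknown flag ' + ch)}" for ch in history]

def summarize(line: str) -> dict:
    rec = json.loads(line)
    # *_ip_bytes count IP and transport headers, *_bytes only payload; dividing the
    # difference by the packet count recovers the per-packet header size (28 = IPv4+UDP).
    orig_hdr = (rec["orig_ip_bytes"] - rec["orig_bytes"]) // max(rec["orig_pkts"], 1)
    return {"uid": rec["uid"],
            "flow": f'{rec["id.orig_h"]}:{rec["id.orig_p"]} -> '
                    f'{rec["id.resp_h"]}:{rec["id.resp_p"]}/{rec["proto"]}',
            "state": CONN_STATE.get(rec["conn_state"], rec["conn_state"]),
            "history": describe_history(rec["history"]),
            "orig_header_bytes_per_pkt": orig_hdr}

def hunt_flags(line: str, dns_resp_limit: int = 4096) -> list:
    """Threat-hunting checks over one record; the DNS size threshold is an assumption."""
    rec = json.loads(line)
    flags = []
    if rec["conn_state"] == "S0":            # attempt with no reply: scan-like behaviour
        flags.append("no_reply")
    if rec.get("service") == "dns" and rec["resp_bytes"] > dns_resp_limit:
        flags.append("oversized_dns_response")   # worth a look for DNS tunnelling
    if rec["missed_bytes"] > 0:               # capture loss: analyzer output is incomplete
        flags.append("capture_gap")
    return flags
```

For the sample entry the summary reports a normal UDP DNS exchange with 28 header bytes per originator packet and no hunting flags; a record with conn_state "S0" or non-zero missed_bytes would be flagged.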

Text is available under the Creative Commons Attribution-ShareAlike License. Additional terms may apply.