Network security monitoring framework for high-volume application-layer traffic analysis
Other
- C++
- Zeek
- CMake
About Zeek
Zeek is a network traffic analysis and security monitoring framework. It gives defenders application-layer visibility and a high-level record of everything happening on a network, rather than locking them into a fixed set of detection signatures.
It watches live traffic and turns it into structured logs, with analyzers that understand many protocols. A domain-specific scripting language lets teams encode site-specific monitoring policies and react to events in real time, keeping rich application-layer state as connections unfold.
Because it focuses on high-level semantic analysis instead of pattern matching, it scales to high-performance networks and feeds threat hunting, forensics, and SIEM pipelines. It runs on Linux and other Unix-like systems under a BSD license.
Key features
- Turns live traffic into structured, high-level logs
- Protocol analyzers for application-layer visibility
- Domain-specific scripting for custom monitoring policies
- Keeps rich connection and application-layer state
- Scales to high-throughput networks
Details
- On GitHub since: 2012
- License: BSD
- Platforms: Linux · Unix
- Analysis: Application-layer semantic analysis
- Scripting: Domain-specific language
- Output: Structured network logs
