Zeek is a passive network monitoring and traffic analysis framework designed for security visibility. It generates detailed logs of network activity and can extract metadata from protocols for further analysis. Zeek is highly scriptable, allowing analysts to define custom detection logic for unusual behavior or attacks. It supports integration with SIEMs, dashboards, and threat intelligence feeds for comprehensive monitoring. Zeek is widely deployed in academic, enterprise, and critical infrastructure networks to enhance situational awareness and threat detection.
Details
Deployment mode: On-premise Linux
Pricing model: Free, Open source
Training and support
Free trial available: Yes
Available trainings: No