Zeek
zeek.org Server / VM / Pi
Zeek (formerly Bro) passively monitors network traffic and looks for suspicious activity.
- Homepage: zeek.org
- GitHub: github.com/zeek/zeek
- Web info: web-check.xyz/results/zeek.org
Zeek Source Code
Author
Description
Zeek is a powerful network analysis framework that is much different from the typical IDS you may know.
Homepage
https://www.zeek.org
License
NOASSERTION
Created
06 Jul 12
Last Updated
28 Mar 24
Latest version
Primary Language
C++
Size
160,192 KB
Stars
5,859
Forks
1,155
Watchers
5,859
Top Contributors
- @jsiwek (3434)
- @rsmmr (2726)
- @timwoj (1969)
- @0xxon (1772)
- @awelzel (937)
- @vpax (814)
- @ckreibich (552)
- @grigorescu (282)
- @zeek-bot (253)
- @sethhall (181)
- @MaxKellermann (172)
- @bbannier (133)
- @mavam (129)
- @Neverlord (103)
- @J-Gras (102)
- @srunnels (52)
- @mauropalumbo75 (51)
- @JustinAzoff (26)
- @FlyingWithJerome (24)
- @jsoref (21)
- @eladsolomon-ms (21)
- @leres (20)
- @cstruck (17)
- @dnthayer (17)
- @ynadji (16)
- @AmazingPP (15)
- @devbali (14)
- @1wilkens (14)
- @fatemabw (13)
- @jbencteux (12)
Recent Commits
- Robin Sommer (25 Mar 24)
  Merge remote-tracking branch 'origin/topic/robin/bump-spicy' * origin/topic/robin/bump-spicy: Bump Spicy to current `main`.
- Robin Sommer (25 Mar 24)
  Bump Spicy to current `main`.
- Tim Wojtulewicz (19 Mar 24)
  Merge remote-tracking branch 'origin/topic/vern/fine-grained-ZAM-profiling' * origin/topic/vern/fine-grained-ZAM-profiling: tie into updates to gen-zam ZAM documentation updated to reflect finer-grained profiling ZAM-specific BTest baseline changes for tweak to how ZAM bodies print BTest baseline changes for tweak to how ZAM bodies print ZAM execution changes to support richer profiling use richer block-aware location information for ZAM instructions better isolation of ZAM instruction elements hooks for tracking extended ZAM profiling location framework for --enable-ZAM-profiling configuration profiles go to zprof.log rather than stdout ZAM classes in support of finer-grained profiling refined ZAM function profiling to include (correct) statement line number blocks avoid potentially expensive mallinfo() call if result won't be used
- Vern Paxson (10 Mar 24)
  tie into updates to gen-zam
- Vern Paxson (10 Mar 24)
  ZAM documentation updated to reflect finer-grained profiling
- Vern Paxson (10 Mar 24)
  ZAM-specific BTest baseline changes for tweak to how ZAM bodies print
- Vern Paxson (10 Mar 24)
  BTest baseline changes for tweak to how ZAM bodies print
- Vern Paxson (10 Mar 24)
  ZAM execution changes to support richer profiling
- Vern Paxson (10 Mar 24)
  use richer block-aware location information for ZAM instructions
- Vern Paxson (10 Mar 24)
  better isolation of ZAM instruction elements hooks for tracking extended ZAM profiling location
- Vern Paxson (10 Mar 24)
  framework for --enable-ZAM-profiling configuration profiles go to zprof.log rather than stdout
- Vern Paxson (10 Mar 24)
  ZAM classes in support of finer-grained profiling
- Vern Paxson (10 Mar 24)
  refined ZAM function profiling to include (correct) statement line number blocks
- Vern Paxson (10 Mar 24)
  avoid potentially expensive mallinfo() call if result won't be used
- Tim Wojtulewicz (19 Mar 24)
  Merge remote-tracking branch 'origin/topic/timw/fix-std-function-stmt' * origin/topic/timw/fix-std-function-stmt: Remove variant from StdFunctionStmt
- Tim Wojtulewicz (19 Mar 24)
  Remove variant from StdFunctionStmt The variant ended up conflicting with std::bind, which resulted in failures on the btest invoking it. Change back to a single function that takes a flow, and default it to a value in Exec.
- Tim Wojtulewicz (18 Mar 24)
  Merge remote-tracking branch 'origin/topic/timw/std-function-event-handler' * origin/topic/timw/std-function-event-handler: Add a method to register an event handler to a std::function via C++
- Tim Wojtulewicz (08 Mar 24)
  Add a method to register an event handler to a std::function via C++
- Tim Wojtulewicz (18 Mar 24)
  Merge remote-tracking branch 'origin/topic/neverlord/broker-bump' * origin/topic/neverlord/broker-bump: Update Broker submodule
- Dominik Charousset (24 Feb 24)
  Update Broker submodule
- Arne Welzel (18 Mar 24)
  Merge remote-tracking branch 'origin/topic/awelzel/remove-superflous-aws-ecr-username' * origin/topic/awelzel/remove-superflous-aws-ecr-username: cirrus: Remove misleading and always empty AWS_ECR_USERNAME
- Arne Welzel (18 Mar 24)
  cirrus: Remove misleading and always empty AWS_ECR_USERNAME
- Arne Welzel (18 Mar 24)
  Merge remote-tracking branch 'origin/topic/awelzel/3442-evt-port-deprecation' * origin/topic/awelzel/3442-evt-port-deprecation: btest/spicy: Remove most port usages spicy: Deprecate port/ports in .evt files
- Arne Welzel (18 Mar 24)
  Merge remote-tracking branch 'origin/topic/awelzel/generate-docs-spicy-pygments-use-cached' * origin/topic/awelzel/generate-docs-spicy-pygments-use-cached: Update doc submodule
- Arne Welzel (18 Mar 24)
  Update doc submodule For spicy-pygments.py sync.
- Arne Welzel (18 Mar 24)
  github/generate-docs: Only commit if there are staged changes git diff-index by default includes staged and non-staged changes. The autogen-spicy-docs script copies over spicy-pygments.py from the Spicy tree into doc/ext. The job would attempt to commit scripts and script-reference even though nothing actually is staged when a spurious diff existed in ext/spicy-pygments.py. Guard from this by using --cached.
- Robin Sommer (16 Mar 24)
  Merge remote-tracking branch 'origin/topic/robin/binary-build-fix' * origin/topic/robin/binary-build-fix: Add a CI test with the same options as we used for binary builds. Fix binary build of `spicyz`.
- Robin Sommer (16 Mar 24)
  Merge remote-tracking branch 'origin/topic/robin/bump-spicy-raw-pointers' * origin/topic/robin/bump-spicy-raw-pointers: Bump Spicy to latest version reworking AST memory management.
- Robin Sommer (15 Mar 24)
  Bump Spicy to latest version reworking AST memory management. Includes the necessary Zeek-side changes. Goes with https://github.com/zeek/spicy/pull/1691.
- Christian Kreibich (15 Mar 24)
  Merge remote-tracking branch 'origin/topic/timw/ci-remove-centos7-debian10' * origin/topic/timw/ci-remove-centos7-debian10: CI: Remove CentOS 7 and Debian 10 builds
Zeek Website
Website
The Zeek Network Security Monitor
Zeek (formerly Bro) is the world’s leading platform for network security monitoring. Flexible, open source, and powered by defenders.
Redirects
Does not redirect
Security Checks
All 66 security checks passed
Server Details
- IP Address 192.0.78.212
- Location San Francisco, California, United States of America, NA
- ISP Automattic Inc
- ASN AS2635
Associated Countries
- US
Safety Score
Website marked as safe
100%
Blacklist Check
zeek.org was found on 0 blacklists
- ThreatLog
- OpenPhish
- PhishTank
- Phishing.Database
- PhishStats
- URLhaus
- RPiList Not Serious
- AntiSocial Blacklist
- PhishFeed
- NABP Not Recommended Sites
- Spam404
- CRDF
- Artists Against 419
- CERT Polska
- PetScams
- Suspicious Hosting IP
- Phishunt
- CoinBlockerLists
- MetaMask EthPhishing
- EtherScamDB
- EtherAddressLookup
- ViriBack C2 Tracker
- Bambenek Consulting
- Badbitcoin
- SecureReload Phishing List
- Fake Website Buster
- TweetFeed
- CryptoScamDB
- StopGunScams
- ThreatFox
- PhishFort
More Intrusion Detection
- OSSEC is an Open Source host-based intrusion detection system, that performs log analysis, integrity checking, monitoring, rootkit detection, real-time alerting and active response.
- An 802.11 layer2 wireless network detector, sniffer, and intrusion detection system.
- SNARE (System iNtrusion Analysis and Reporting Environment) is a series of log collection agents that facilitate centralized analysis of audit log data. Logs from the OS are collected and audited. Full remote access, through a web interface easy to use manually, or by an automated process.
  Not Open Source
- picosnitch helps protect your security and privacy by "snitching" on anything that connects to the internet, letting you know when, how much data was transferred, and to where. It uses BPF to monitor network traffic per application, and per parent to cover those that just call others. It also hashes every executable, and will complain if some mischievous program is giving it trouble.
About the Data: Zeek
API
You can access Zeek's data programmatically via our API.
Simply make a GET request to:
https://api.awesome-privacy.xyz/networking/intrusion-detection/zeek
The REST API is free, no-auth and CORS-enabled. To learn more, view the Swagger Docs or read the API Usage Guide.
About the Data
Beyond the user-submitted YAML you see above, we also augment each listing with additional data dynamically fetched from several sources. To learn more about where the rest of the data included in this page comes from, and how it is computed, see the About the Data section of our About page.