Zeek
https://zeek.org/
An Open Source Network Security Monitoring Tool
Basic Info
Zeek provides a comprehensive platform for network traffic analysis, with a particular focus on semantic security monitoring at scale. While often compared to classic intrusion detection/prevention systems, Zeek takes a quite different approach: rather than matching traffic against a fixed signature set, it gives users a flexible framework (an event-driven scripting language on top of protocol analyzers, plus structured, per-protocol logs) that facilitates customized, in-depth monitoring far beyond the capabilities of traditional systems. With initial versions already in operational deployment during the mid '90s, Zeek is grounded in more than 20 years of research.
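As an added illustration of what "customized monitoring" looks like in practice (this is example code written for this page, not a script shipped by the Zeek project), the following Zeek script raises a notice when a single connection carries an unusually large volume of data from an inside host to an outside host. The module name, the notice type and the 100 MB threshold are assumptions chosen for the example; it relies only on the built-in `connection_state_remove` event, the `Notice` framework and `Site::is_local_addr`, all of which are part of Zeek's base scripts.

```zeek
# Example script for this page (not Zeek project code): flag large outbound
# transfers as a crude egress-volume check.
#
# Run offline against a capture:   zeek -r trace.pcap large_outbound.zeek
# Site::local_nets must list the monitored address space (networks.cfg under
# zeekctl, or `redef Site::local_nets += { 10.0.0.0/8 };` in local.zeek);
# otherwise Site::is_local_addr() returns F for everything and nothing fires.

module LargeOutbound;

export {
    redef enum Notice::Type += {
        ## A connection moved more than outbound_threshold bytes from a local
        ## originator to a non-local responder.
        Large_Outbound_Transfer
    };

    ## Assumed threshold for the example; tune it for the monitored network.
    const outbound_threshold: count = 100000000 &redef;  # 100 MB
}

# connection_state_remove fires once per connection, when Zeek expires its
# state, so by then c$orig$size holds the total bytes the originator sent.
event connection_state_remove(c: connection)
{
    # Only local -> remote flows are of interest for an egress check.
    if ( ! Site::is_local_addr(c$id$orig_h) || Site::is_local_addr(c$id$resp_h) )
        return;

    if ( c$orig$size <= outbound_threshold )
        return;

    NOTICE([$note=Large_Outbound_Transfer,
            $msg=fmt("%s sent %d bytes to %s:%s",
                     c$id$orig_h, c$orig$size, c$id$resp_h, c$id$resp_p),
            $conn=c,
            # Suppress repeats for the same host pair within the default
            # Notice::default_suppression_interval.
            $identifier=cat(c$id$orig_h, c$id$resp_h)]);
}
```

The resulting notices land in `notice.log` alongside Zeek's regular `conn.log`, so the same script can be left running on a live sensor or replayed over historical captures; a real deployment would normally aggregate bytes per host over a time window (for example with the SumStats framework) rather than act on a single connection.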
Configuration
Additional Resources
https://github.com/zeek/zeek/wiki