Zeek

zeek.org Server/ VM/ Pi

Awesome Privacy ➔ Networking ➔ Intrusion Detection ➔ Zeek

Zeek (formally Bro) Passively monitors network traffic and looks for suspicious activity.

Homepage: zeek.org
GitHub: github.com/zeek/zeek
Web info: web-check.xyz/results/zeek.org

Open Source

Zeek Source Code

Author

zeek

Description

Zeek is a powerful network analysis framework that is much different from the typical IDS you may know.

#bro#dfir#network-monitoring#nsm#pcap#security#zeek

Homepage

https://www.zeek.org

License

NOASSERTION

Created

06 Jul 12

Last Updated

05 Apr 24

Latest version

v7.0.0-dev

Primary Language

C++

Size

160,923 KB

Stars

5,886

Forks

1,159

Watchers

5,886

Language Usage

Star History

Top Contributors

@jsiwek (3434)
@rsmmr (2726)
@timwoj (1972)
@0xxon (1775)
@awelzel (937)
@vpax (815)
@ckreibich (556)
@grigorescu (282)
@zeek-bot (253)
@sethhall (181)
@MaxKellermann (172)
@bbannier (133)
@mavam (129)
@Neverlord (103)
@J-Gras (102)
@srunnels (52)
@mauropalumbo75 (51)
@JustinAzoff (26)
@FlyingWithJerome (24)
@jsoref (21)
@eladsolomon-ms (21)
@leres (20)
@cstruck (17)
@dnthayer (17)
@ynadji (16)
@AmazingPP (15)
@1wilkens (14)
@fatemabw (13)
@jbencteux (12)
@jshlbrd (11)

Recent Commits

Johanna Amann (03 Apr 24)
Merge remote-tracking branch 'origin/topic/johanna/configure-check-submodules' * origin/topic/johanna/configure-check-submodules: Address review feedback for configure error change Raise configure error message for unsupported archives
Johanna Amann (02 Apr 24)
Address review feedback for configure error change See GH-3669
Tim Wojtulewicz (02 Apr 24)
Merge remote-tracking branch 'origin/topic/vern/zam-cat-time-fix' * origin/topic/vern/zam-cat-time-fix: fix ZAM "cat" of doubles/times to include trailing ".0" per normal BiF behavior
Johanna Amann (02 Apr 24)
Raise configure error message for unsupported archives Github lets users download archives of our repos. These do not contain the necessary submodules. We regularly encounter users who stumble across this. We already do have an error message that is raised when a non-recursive git checkout was done. This commit adds an error message for a non-git download that does not contain the necessary files.
Tim Wojtulewicz (29 Mar 24)
Merge branch 'topic/timw/fix-macos-build' * topic/timw/fix-macos-build: CI: Specify the xcode version of the macOS Sonoma instance
Vern Paxson (20 Mar 24)
fix ZAM "cat" of doubles/times to include trailing ".0" per normal BiF behavior
Tim Wojtulewicz (28 Mar 24)
CI: Specify the xcode version of the macOS Sonoma instance
Christian Kreibich (28 Mar 24)
Merge branch 'topic/christian/zeek-lib-fix' * topic/christian/zeek-lib-fix: Remove vestigial Conan bit in CMakeLists.txt When configuring Spicy, be prepated for zeek_lib or zeek_exe targets. Fix a typo in CMakeLists.txt when building Zeek as a library
Christian Kreibich (27 Mar 24)
Remove vestigial Conan bit in CMakeLists.txt This is no longer required since we switched Conan to vcpkg a while back.
Christian Kreibich (27 Mar 24)
When configuring Spicy, be prepated for zeek_lib or zeek_exe targets. This avoids a configuration error where zeek_exe is not defined (i.e. when building (only) as a library). It anticipates building both the executable and the library, which we used to do when using Conan but currently don't.
Christian Kreibich (27 Mar 24)
Fix a typo in CMakeLists.txt when building Zeek as a library This caused an error at configuration time since zeek_lie isn't a thing.
Robin Sommer (25 Mar 24)
Merge remote-tracking branch 'origin/topic/robin/bump-spicy' * origin/topic/robin/bump-spicy: Bump Spicy to current `main`.
Robin Sommer (25 Mar 24)
Bump Spicy to current `main`.
Tim Wojtulewicz (19 Mar 24)
Merge remote-tracking branch 'origin/topic/vern/fine-grained-ZAM-profiling' * origin/topic/vern/fine-grained-ZAM-profiling: tie into updates to gen-zam ZAM documentation updated to reflect finer-grained profiling ZAM-specific BTest baseline changes for tweak to how ZAM bodies print BTest baseline changes for tweak to how ZAM bodies print ZAM execution changes to support richer profiling use richer block-aware location information for ZAM instructions better isolation of ZAM instruction elements hooks for tracking extended ZAM profiling location framework for --enable-ZAM-profiling configuration profiles go to zprof.log rather than stdout ZAM classes in support of finer-grained profiling refined ZAM function profiling to include (correct) statement line number blocks avoid potentially expensive mallinfo() call if result won't be used
Vern Paxson (10 Mar 24)
tie into updates to gen-zam
Vern Paxson (10 Mar 24)
ZAM documentation updated to reflect finer-grained profiling
Vern Paxson (10 Mar 24)
ZAM-specific BTest baseline changes for tweak to how ZAM bodies print
Vern Paxson (10 Mar 24)
BTest baseline changes for tweak to how ZAM bodies print
Vern Paxson (10 Mar 24)
ZAM execution changes to support richer profiling
Vern Paxson (10 Mar 24)
use richer block-aware location information for ZAM instructions
Vern Paxson (10 Mar 24)
better isolation of ZAM instruction elements hooks for tracking extended ZAM profiling location
Vern Paxson (10 Mar 24)
framework for --enable-ZAM-profiling configuration profiles go to zprof.log rather than stdout
Vern Paxson (10 Mar 24)
ZAM classes in support of finer-grained profiling
Vern Paxson (10 Mar 24)
refined ZAM function profiling to include (correct) statement line number blocks
Vern Paxson (10 Mar 24)
avoid potentially expensive mallinfo() call if result won't be used
Tim Wojtulewicz (19 Mar 24)
Merge remote-tracking branch 'origin/topic/timw/fix-std-function-stmt' * origin/topic/timw/fix-std-function-stmt: Remove variant from StdFunctionStmt
Tim Wojtulewicz (19 Mar 24)
Remove variant from StdFunctionStmt The variant ended up conflicting with std::bind, which resulted in failures on the btest invoking it. Change back to a single function that takes a flow, and default it to a value in Exec.
Tim Wojtulewicz (18 Mar 24)
Merge remote-tracking branch 'origin/topic/timw/std-function-event-handler' * origin/topic/timw/std-function-event-handler: Add a method to register an event handler to a std::function via C++
Tim Wojtulewicz (08 Mar 24)
Add a method to register an event handler to a std::function via C++
Tim Wojtulewicz (18 Mar 24)
Merge remote-tracking branch 'origin/topic/neverlord/broker-bump' * origin/topic/neverlord/broker-bump: Update Broker submodule

Zeek Website

Website

The Zeek Network Security Monitor

Zeek (formerly Bro) is the world’s leading platform for network security monitoring. Flexible, open source, and powered by defenders.

Redirects

Does not redirect

Security Checks

All 66 security checks passed

Server Details

IP Address 192.0.78.212
Location San Francisco, California, United States of America, NA
ISP Automattic Inc
ASN AS2635

Associated Countries

Saftey Score

Website marked as safe

100%

Blacklist Check

zeek.org was found on 0 blacklists

ThreatLog
OpenPhish
PhishTank
Phishing.Database
PhishStats
URLhaus
RPiList Not Serious
AntiSocial Blacklist
PhishFeed
NABP Not Recommended Sites
Spam404
CRDF
Artists Against 419
CERT Polska
PetScams
Suspicious Hosting IP
Phishunt
CoinBlockerLists
MetaMask EthPhishing
EtherScamDB
EtherAddressLookup
ViriBack C2 Tracker
Bambenek Consulting
Badbitcoin
SecureReload Phishing List
Fake Website Buster
TweetFeed
CryptoScamDB
StopGunScams
ThreatFox
PhishFort

Website Preview

View full report at
web-check.xyz

Zeek Reviews

More Intrusion Detection

OSSEC

(Server)
ossec.net

OSSEC is an Open Source host-based intrusion detection system, that performs log analysis, integrity checking, monitoring, rootkit detection, real-time alerting and active response.

Open Source ossec/ossec-hids

View OSSEC Report
Kismet

(Hardware)
kismetwireless.net

An 802.11 layer2 wireless network detector, sniffer, and intrusion detection system.

Open Source kismetwireless/kismet

View Kismet Report
Snare

(Server)
snaresolutions.com/products/snare-central

SNARE (System iNtrusion Analysis and Reporting Environment) is a series of log collection agents that facilitate centralized analysis of audit log data. Logs from the OS are collected and audited. Full remote access, through a web interface easy to use manually, or by an automated process.

Not Open Source

View Snare Report
picosnitch

(Linux)
elesiuta.github.io/picosnitch

picosnitch helps protect your security and privacy by "snitching" on anything that connects to the internet, letting you know when, how much data was transferred, and to where. It uses BPF to monitor network traffic per application, and per parent to cover those that just call others. It also hashes every executable, and will complain if some mischievous program is giving it trouble.

Open Source elesiuta/picosnitch

View picosnitch Report

About the Data: Zeek

API

You can access Zeek's data programmatically via our API. Simply make a GET request to:

https://api.awesome-privacy.xyz/networking/intrusion-detection/zeek

The REST API is free, no-auth and CORS-enabled. To learn more, view the Swagger Docs or read the API Usage Guide.

About the Data

Beyond the user-submitted YAML you see above, we also augment each listing with additional data dynamically fetched from several sources. To learn more about where the rest of data included in this page comes from, and how it is computed, see the About the Data section of our About page.

Share Zeek

Help your friends compare Intrusion Detection, and pick privacy-respecting software and services.
Share Zeek and Awesome Privacy with your network!

View Intrusion Detection (5)

OSSEC

Awesome Privacy