Splunk Lantern

Zeek

Zeek (formerly Bro) is a powerful open-source network analysis framework that provides a comprehensive platform for security monitoring, intrusion detection, and network forensics.

Before looking at documentation for specific data sources, review the Splunk Help information on general data ingestion for Splunk Enterprise, Splunk Cloud Platform or Splunk Observability Cloud.

Getting data in

Source: Zeek

Zeek sits on a hardware, software, virtual, or cloud platform that observes network traffic and generates high-fidelity logs, extracting critical information such as connection records, DNS queries, HTTP requests, and file transfers, all of which are invaluable to security analysts. Software administrators use Zeek data in a Splunk deployment to analyze packet capture data directly, or use it as a contextual data feed to correlate with other vulnerability-related data in the Splunk platform.

In the Common Information Model, Zeek data can be mapped to multiple data models, such as Certificates or Network Resolution, depending on the field.

Add-ons and Apps: Splunk platform: Technical Add-on for Zeek

Guidance: Splunk Lantern Articles