Zeek

Zeek sits on a hardware, software, virtual, or cloud platform that observes network traffic. Zeek interprets what it sees and creates compact, high-fidelity transaction logs, file content, and fully customized output. Software administrators use Zeek data in a Splunk deployment to analyze packet capture data directly or use it as a contextual data feed to correlate with other vulnerability related data in the Splunk platform. In the Common Information Model, Zeek data can be mapped to multiple data models, such as Certificates or Network Resolution, depending on the field.