zeek

Zeek is a powerful network analysis framework that is much different from the typical IDS you may know.

C++
7076
6 hours ago

Network recon framework. Build your own, self-hosted and fully-controlled alternatives to Shodan / ZoomEye / Censys and GreyNoise, run your Passive DNS service, build your tailor-made EASM tool, collect and analyse network intelligence from your sensors, and much more! Uses Nmap, Masscan, Zeek, p0f, ProjectDiscovery tools, etc.

Python
3791
1 month ago

Malcolm is a powerful, easily deployable network traffic analysis tool suite for full packet capture artifacts (PCAP files), Zeek logs and Suricata alerts.

Python
2196
12 days ago

Logging Made Easy (LME) is a no cost, open source platform that centralizes log collection, enhances threat detection, and enables real-time alerting, helping small to medium-sized organizations secure their infrastructure. LME Docs can be found at https://cisagov.github.io/lme-docs/docs/

Python
1097
11 hours ago

Slips is a free-software behavioral intrusion prevention system (IDS/IPS), written in Python, that uses machine learning to detect malicious behaviors in network traffic. Stratosphere Laboratory, AIC, FEL, CVUT in Prague.

Python
824
5 hours ago

This project is a SIEM with SIRP and Threat Intel, all in one.

Shell
460
9 months ago

Zeek Analysis Tools (ZAT): Processing and analysis of Zeek network data with Pandas, scikit-learn, Kafka and Spark

Jupyter Notebook
441
2 years ago

Real Intelligence Threat Analytics (RITA) is a framework for detecting command and control communication through network traffic analysis.

Go
354
1 day ago

C++ parser generator for dissecting protocols & files.

C++
276
9 hours ago

🚌 Threat Bus – A threat intelligence dissemination layer for open-source security tools.

Python
263
2 years ago

DynamiteNSM is a free Network Security Monitor developed by Dynamite Analytics to enable network visibility and advanced cyber threat detection.

Python
171
2 years ago

Threat Hunting Toolkit is a Swiss Army knife for threat hunting, log processing, and security-focused data science.

Shell
144
7 days ago

Dovehawk is a Zeek module that automatically imports MISP indicators and reports Sightings.

Zeek
121
4 years ago

Extract files from network traffic with Zeek.

Zeek
101
5 years ago

Open source endpoint agent providing host information to Zeek. [v2]

C++
85
2 days ago

Convert pcap files into richly-typed ZNG summary logs (Zeek, Suricata, and more).

Go
85
4 months ago