Zeek

Features

Network Security Monitoring - Monitors network traffic and detects malicious activity using customizable detection policies.
Network Activity Archiving - Maintains detailed historical records of network events and application state for forensic investigation and auditing.
Network Analysis - Provides a comprehensive framework for capturing, monitoring, and analyzing network traffic.
Modular Analyzers - Employs a set of pluggable analyzers that decode specific application-layer protocols into a common event format.
Event-Driven Scripting - Executes custom analysis logic by triggering scripts based on real-time network events.
Network Traffic Analyzers - Transforms raw network packets into high-level semantic logs for security monitoring.
Application-Layer Protocol Inspections - Performs deep semantic analysis of numerous application-layer protocols to extract meaning from traffic.
Network Intrusion Detection - Monitors network traffic for suspicious patterns and malicious activity using customizable policies.
Protocol - Maintains persistent internal tables that map network connections to their current protocol state.
Protocol State Machines - Tracks application-layer state over time to reconstruct high-level conversations from individual packets.
Packet-to-Log Pipelines - Converts raw binary network traffic into structured semantic logs through a multi-stage analysis pipeline.
Application Layer Protocol Dissectors - Functions as a system that reconstructs and decodes application-layer protocols from raw network traffic.
Network Activity Archiving - Maintains extensive application-layer state to provide a high-level historical record of all network activity.
Network Traffic Analysis - Converts raw network packets into high-level semantic logs to monitor application layer activity.
Custom Logic Extensions - Provides mechanisms to tailor monitoring behavior and log generation via a specialized scripting language.
Domain Specific Languages - Provides a specialized domain-specific language for defining network monitoring policies and behavior rules.
Monitoring Policies - Allows the definition of custom detection approaches and site-specific monitoring rules.
Security and Compliance - Network analysis framework for security monitoring.

Open-source alternatives to Zeek

Similar open-source projects, ranked by how many features they share with Zeek.

stamparm/maltrail
stamparm/maltrail
8,498View on GitHub
Maltrail is a malicious traffic detection system used for network intrusion detection. It consists of a network intrusion sensor for monitoring interfaces, a threat intelligence aggregator for syncing blacklists, and a detection engine that identifies security threats through signature matching and heuristic attack patterns. The system distinguishes itself through a distributed sensor architecture that collects traffic data from multiple remote probes and forwards events to a central analysis server. It employs heuristic behavioral analysis to identify unknown threats, such as port scanning o
Pythonattack-detectionintrusion-detectionmalware
View on GitHub8,498
oisf/suricata
OISF/suricata
6,008View on GitHub
Suricata is an open-source network intrusion detection and prevention engine that analyzes live network traffic in real-time to identify and alert on malicious activity. It operates as a rule-based threat detection system, matching traffic against user-defined signatures to detect known attack patterns and policy violations, and can be placed inline to actively block malicious packets before they reach their target. The engine inspects a wide range of application-layer protocols including HTTP, DNS, TLS, SMB, and MQTT, and supports high-performance packet capture through specialized hardware a
Ccybersecurityidsintrusion-detection-system
View on GitHub6,008
wireshark/wireshark
wireshark/wireshark
9,477View on GitHub
Wireshark is a network protocol analyzer and traffic inspector used for capturing and inspecting network traffic. It functions as a packet capture tool that intercepts live data from network interfaces and a TCP/IP dissector that decodes network protocol layers to translate raw binary packets into human-readable fields. The system provides capabilities for protocol stream reconstruction, grouping related packets into cohesive conversations between endpoints. It also operates as a packet file converter, allowing for the reading, modification, and conversion of network capture files across vari
Cpacket-capturestratosharktshark
View on GitHub9,477
requestly/requestly
requestly/requestly
6,341View on GitHub
TypeScriptapiapi-clientapi-mock
View on GitHub6,341

See all 30 alternatives to Zeek

zeekzeek

Features

Open-source alternatives to Zeek

stamparm/maltrail

OISF/suricata

wireshark/wireshark

requestly/requestly

Star history

Open-source alternatives to Zeek

stamparm/maltrail

OISF/suricata

wireshark/wireshark

requestly/requestly