From prodefence.org
Zeek is a powerful framework for network analysis and security monitoring. On top of the functionality it provides out of the box, it also offers the flexibility to customize analysis pretty much arbitrarily.
Features
- Adaptable: Zeek’s domain-specific scripting language enables site-specific monitoring policies.
- Efficient: Zeek targets high-performance networks and is used operationally at a variety of large sites.
- Flexible: Zeek is not restricted to any particular detection approach and does not rely on traditional signatures.
- Forensics: Zeek comprehensively logs what it sees and provides a high-level archive of a network’s activity.