Zeek is a powerful network analysis framework that is much different from the typical IDS you may know.
A powerful framework for network traffic analysis and security monitoring.

Key Features — Documentation — Getting Started — Development — License

Follow us on Twitter at @zeekurity.
## Key Features

- __In-depth Analysis__
  Zeek ships with analyzers for many protocols, enabling high-level semantic analysis at the application layer.

- __Adaptable and Flexible__
  Zeek's domain-specific scripting language enables site-specific monitoring policies and means that it is not restricted to any particular detection approach.

- __Efficient__
  Zeek targets high-performance networks and is used operationally at a variety of large sites.

- __Highly Stateful__
  Zeek keeps extensive application-layer state about the network it monitors and provides a high-level archive of a network's activity.
## Documentation

The best place to find information about getting started with Zeek is our web site www.zeek.org, specifically the documentation section there. On the web site you can also find downloads for stable releases, tutorials on getting Zeek set up, and many other useful resources.

You can find release notes in NEWS, and a complete record of all changes in CHANGES.
## Getting Started

To work with the most recent code from the development branch of Zeek, clone the master git repository:

```
git clone --recursive https://github.com/zeek/zeek
```

With all dependencies in place, build and install:

```
./configure && make && sudo make install
```

Write your first Zeek script:

```
# File "hello.zeek"

event zeek_init()
    {
    print "Hello World!";
    }
```

And run it:

```
zeek hello.zeek
```

For learning more about the Zeek scripting language, try.zeek.org is a great resource.
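A second, slightly larger script shows what the scripting language is for in practice: site-specific detection logic written against the protocol-level events Zeek's analyzers emit. This is an added example, not part of the Zeek README or the project's own script set. It uses the stock `http_message_done` event, the `c$http$user_agent` field populated by the base HTTP scripts, and the Notice framework; the scanner name list and the 10-minute/1-hour timeouts are assumptions chosen for illustration and should be tuned per site.

```zeek
# File "scanner_ua.zeek" (added example, not from the Zeek repository)
#
# Raise a notice when an HTTP client presents a User-Agent that looks like a
# well-known scanner, and keep a per-client request counter so the notice
# message carries some context. Run against a trace with:
#
#   zeek -r sample.pcap scanner_ua.zeek
#
# and inspect notice.log and http.log in the working directory.

@load base/frameworks/notice
@load base/protocols/http

module ScannerUA;

export {
    redef enum Notice::Type += {
        ## Raised when an HTTP client's User-Agent matches a known scanner.
        Scanner_User_Agent
    };

    ## Lower-cased substrings that mark scanner-like clients.
    ## Assumed list for this example; extend via redef per site.
    const scanner_pattern = /sqlmap|nikto|masscan|zgrab/ &redef;
}

## HTTP requests seen per client address. Entries expire after 10 minutes
## without a write, so the table does not grow without bound on busy links.
global requests_per_client: table[addr] of count &default=0 &write_expire=10min;

## Fired once per completed HTTP message; is_orig=T marks the client's request,
## by which point the base HTTP scripts have filled c$http (including user_agent).
event http_message_done(c: connection, is_orig: bool, stat: http_message_stat)
    {
    if ( ! is_orig )
        return;

    local client = c$id$orig_h;
    ++requests_per_client[client];

    # Not every request carries a User-Agent header; the field is &optional.
    if ( ! c?$http || ! c$http?$user_agent )
        return;

    local ua = to_lower(c$http$user_agent);

    if ( scanner_pattern in ua )
        NOTICE([$note=Scanner_User_Agent,
                $conn=c,
                $msg=fmt("scanner-like User-Agent \"%s\" from %s (%d requests in the last 10 minutes)",
                         c$http$user_agent, client, requests_per_client[client]),
                # One notice per (client, User-Agent) pair per hour, so a
                # scan of thousands of URLs does not flood notice.log.
                $identifier=cat(client, ua),
                $suppress_for=1hr]);
    }
```

The `$identifier` and `$suppress_for` fields are what keep this usable on a real sensor: without them every request from the scanner would produce its own notice. Because `scanner_pattern` is declared `&redef`, a site can extend the list from a separate file without editing this script.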
## Development

Zeek is developed on GitHub by its community. We welcome contributions. Working on an open source project like Zeek can be an incredibly rewarding experience and, packet by packet, makes the Internet a little safer. Today, as a result of countless contributions, Zeek is used operationally around the world by major companies and educational and scientific institutions alike for securing their cyber infrastructure.

If you're interested in getting involved, we collect feature requests and issues on GitHub here and you might find these to be a good place to get started. More information on Zeek's development can be found here, and information about its community and mailing lists (which are fairly active) can be found here.

## License

Zeek comes with a BSD license, allowing for free use with virtually no restrictions. You can find it here.
## Tooling

We use the following tooling to help discover issues to fix, amongst a number of others.
- Clang-Tidy
- Coverity
- PVS-Studio - static analyzer for C, C++, C#, and Java code.