Zeek has a long history in the open source and digital security worlds. Vern Paxson began developing the project in the 1990s under the name “Bro” as a means to understand what was happening on his university and national laboratory networks. Vern and the project’s leadership team renamed Bro to Zeek in late 2018 to celebrate its expansion and continued development.
Zeek is not an active security device, like a firewall or intrusion prevention system. Rather, Zeek sits on a “sensor,” a hardware, software, virtual, or cloud platform that quietly and unobtrusively observes network traffic. Zeek interprets what it sees and creates compact, high-fidelity transaction logs, file content, and fully customized output, suitable for manual review on disk or in a more analyst-friendly tool like a security information and event management (SIEM) system.
Critical Path Security is an active collaborator in the Zeek community, and the Léargas Platform is and will remain true to open source values by actively and continually contributing to the Zeek community.
Critical Path Security provides continually updated Zeek-formatted Intelligence Feeds for the community, which are free to use.
https://github.com/CriticalPathSecurity/Zeek-Intelligence-Feeds
Please visit Zeek.org for more information about Zeek – including public downloads, training, and community forums.