Zeek

Open-source projects categorized as Zeek

Top 14 Zeek Open-Source Projects

  • zeek

    Zeek is a powerful network analysis framework that is much different from the typical IDS you may know.

  • Project mention: Suricata VS zeek - a user suggested alternative | libhunt.com/r/suricata | 2024-01-02
  • IVRE

    Network recon framework. Build your own, self-hosted and fully-controlled alternatives to Shodan / ZoomEye / Censys and GreyNoise, run your Passive DNS service, collect and analyse network intelligence from your sensors, and much more! Uses Nmap, Masscan, Zeek, p0f, etc.

  • PacketStreamer

    :star: :star: :star: Distributed tcpdump for cloud native environments :star: :star: :star:

  • Project mention: Traffic Mirroring in Azure | /r/AskNetsec | 2023-05-13

    Also: - https://github.com/deepfence/PacketStreamer

  • Malcolm

    Malcolm is a powerful, easily deployable network traffic analysis tool suite for full packet capture artifacts (PCAP files), Zeek logs and Suricata alerts.

  • StratosphereLinuxIPS

    Slips is a free-software behavioral Python intrusion prevention system (IDS/IPS) that uses machine learning to detect malicious behaviors in network traffic. Stratosphere Laboratory, AIC, FEL, CVUT in Prague.

  • tenzir

    Open source security data pipelines.

  • Project mention: Vector: A high-performance observability data pipeline | news.ycombinator.com | 2024-03-17

    We're building something similar at Tenzir, but more for operational security workloads. https://docs.tenzir.com

    Differences to Vector:

    - An agent has optional indexed storage, so you can store your data there and pick it up later. The storage is based on Apache Feather, Parquet's little brother.

    - Pipeline operators work with both data frames (Arrow record batches) and chunks of bytes.

    - Structured pipelines are multi-schema, i.e., a single pipeline can process streams of record batches with different schemas.

  • S1EM

    This project is a SIEM with SIRP and Threat Intel, all in one.

  • Zeek-Intelligence-Feeds

    Zeek-Formatted Threat Intelligence Feeds

  • Malcolm

    Malcolm is a powerful, easily deployable network traffic analysis tool suite for full packet capture artifacts (PCAP files), Zeek logs and Suricata alerts. (by idaholab)

  • threatbus

    🚌 Threat Bus – A threat intelligence dissemination layer for open-source security tools.

  • docker-zeek

    Run zeek with zeekctl in docker

  • zeek2es

    A Python application to filter and transfer Zeek logs to Elastic/OpenSearch+Humio. This app can also output pure JSON logs to stdout for further processing!

  • dockerized-zeek

    Dockerized Zeek

  • scripts

    Scripts written in BASH, PowerShell, Python, and other languages. (by cyberphor)

NOTE: The open source projects on this list are ordered by number of GitHub stars. The number of mentions indicates repo mentions in the last 12 months or since we started tracking (Dec 2020).

Zeek related posts

  • Analyzing a PCAP for potential malware/threats.

    1 project | /r/cybersecurity_help | 29 Dec 2022
  • Any Scripts you guys have that make your life so much easier

    4 projects | /r/sysadmin | 30 Dec 2021
  • What are you guys using for IDS/IPS in Azure only environments?

    1 project | /r/sysadmin | 23 Oct 2021

Index

What are some of the best open-source Zeek projects? This list will help you:

     Project                 Stars
 1   zeek                    5,942
 2   IVRE                    3,307
 3   PacketStreamer          1,854
 4   Malcolm                 1,744
 5   StratosphereLinuxIPS      652
 6   tenzir                    612
 7   S1EM                      387
 8   Zeek-Intelligence-Feeds   317
 9   Malcolm                   311
10   threatbus                 254
11   docker-zeek                41
12   zeek2es                    33
13   dockerized-zeek            11
14   scripts                     8