Top 14 Zeek Open-Source Projects
-
zeek
Zeek is a powerful network analysis framework that is much different from the typical IDS you may know.
-
IVRE
Network recon framework. Build your own, self-hosted and fully-controlled alternatives to Shodan / ZoomEye / Censys and GreyNoise, run your Passive DNS service, collect and analyse network intelligence from your sensors, and much more! Uses Nmap, Masscan, Zeek, p0f, etc.
-
InfluxDB
Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.
-
PacketStreamer
:star: :star: :star: Distributed tcpdump for cloud native environments :star: :star: :star:
-
Malcolm
Malcolm is a powerful, easily deployable network traffic analysis tool suite for full packet capture artifacts (PCAP files), Zeek logs and Suricata alerts.
-
StratosphereLinuxIPS
Slips is a free-software, behavioral Python intrusion prevention system (IDS/IPS) that uses machine learning to detect malicious behaviour in network traffic. Developed by the Stratosphere Laboratory, AIC, FEL, CVUT in Prague.
-
Malcolm
Malcolm is a powerful, easily deployable network traffic analysis tool suite for full packet capture artifacts (PCAP files), Zeek logs and Suricata alerts. (by idaholab)
-
threatbus
🚌 Threat Bus – A threat intelligence dissemination layer for open-source security tools.
-
zeek2es
A Python application to filter and transfer Zeek logs to Elastic/OpenSearch+Humio. This app can also output pure JSON logs to stdout for further processing!
Project mention: Suricata VS zeek - a user suggested alternative | libhunt.com/r/suricata | 2024-01-02
Also: https://github.com/deepfence/PacketStreamer
Project mention: Vector: A high-performance observability data pipeline | news.ycombinator.com | 2024-03-17
We're building something similar at Tenzir, but more for operational security workloads. https://docs.tenzir.com
Differences to Vector:
- An agent has optional indexed storage, so you can store your data there and pick it up later. The storage is based on Apache Feather, Parquet's little brother.
- Pipeline operators work with both data frames (Arrow record batches) and chunks of bytes.
- Structured pipelines are multi-schema, i.e., a single pipeline can process streams of record batches with different schemas.
Zeek related posts
Index
What are some of the best open-source Zeek projects? This list will help you:
| # | Project | Stars |
|---|---|---|
| 1 | zeek | 5,942 |
| 2 | IVRE | 3,307 |
| 3 | PacketStreamer | 1,854 |
| 4 | Malcolm | 1,744 |
| 5 | StratosphereLinuxIPS | 652 |
| 6 | tenzir | 612 |
| 7 | S1EM | 387 |
| 8 | Zeek-Intelligence-Feeds | 317 |
| 9 | Malcolm | 311 |
| 10 | threatbus | 254 |
| 11 | docker-zeek | 41 |
| 12 | zeek2es | 33 |
| 13 | dockerized-zeek | 11 |
| 14 | scripts | 8 |