github.com/zeek/zeek
Zeek is a powerful network analysis framework that is much different from the typical IDS you may know.
Contributors: 147
Lines of Code: 65,619
From: 2010-09-28
To: 2020-12-23
About zeek/zeek
Zeek is a powerful network analysis framework and security monitoring platform written in C++ that goes beyond traditional intrusion detection systems. It provides in-depth analysis of network traffic through built-in analyzers for numerous protocols, enabling semantic analysis at the application layer. The framework maintains extensive application-layer state about network activity, creating a comprehensive archive that can be queried and analyzed.
The platform is designed for flexibility and high-performance environments. Its domain-specific scripting language allows operators to write custom monitoring policies tailored to their specific needs, rather than being restricted to predefined detection rules. This adaptability, combined with its efficient architecture, has made it popular in operational deployments at large organizations, educational institutions, and scientific facilities worldwide.
Zeek is actively developed by a community of contributors on GitHub and is released under a BSD license. The project includes comprehensive documentation, tutorials, and an interactive learning resource at try.zeek.org for those new to the scripting language. The development team employs various static analysis and quality assurance tools including Clang-Tidy, Coverity, and PVS-Studio to maintain code quality.