There are a number of software packages that include or work with Zeek, primarily with earlier versions still named Bro. Packages available for download on this site are indicated by the icon. Note these products are not maintained by the Zeek Project and are listed for reference only. For support, contact the corresponding developer.

Contact us to have your package added to the list.

Works/Integrates with Zeek/Bro

acld		Daemon that manages access control lists on a router and comes with a Bro interface.
Auditing SSH		A modified version of OpenSSH that comes with a Bro interface for auditing in high security installations.
Barnyard2		A dedicated spooler for Snort’s unified2 binary output format.
Bro Analysis Tools (BAT)		Processing and analysis of Bro data with Pandas, scikit-learn, and Spark.
Broccoli		The Bro client communications library; deprecated.
BroccoliSharp		A .NET implementation of the Bro Client Communications Library; deprecated.
brogments		A Pygments Plugin for Bro Script Code that is now also part of the official Pygments distribution.
cf		Command-line tool replacing numeric Unix timestamps with a readable representation.
create-cert		Set of scripts that create SSL certificates for authenticating Bro/Broccoli communication; deprecated.
Cyphon		Open source incident management and response platform.
Elasticsearch ELK Stack		A search analytics platform composed of a search engine (Elasticsearch), log parser (Logstash), and visualization engine (Kibana).
ELSA		A centralized syslog framework built on Syslog-NG, MySQL, and Sphinx full-text search.
hf		Command-line tool replacing numeric IP addresses with resolved hostnames.
iSSHD		Instrumented SSHD, used at NERSC for recording and analyzing the content of interactive SSH sessions.
Metron		Apache Metron is a data processing and analytics platform that leverages security logs and data, with native support for bro logs.
Netflow Indexer		A program that uses xapian to index the flat file databases used by nfdump or flow-tools.
PacketTotal		An engine for analyzing .pcap files, and visualizing the network traffic within.
Scrutinizer		A flow solution for incident response, threat detection, historical reporting, and capacity base-lining for both physical and virtual environments.
Snort		An open-source network intrusion prevention system (NIPS) and network intrusion detection system (NIDS).
Splunk		Real-time data analysis tool used for reporting, diagnostics, and visualization.
syslog2bro		Tool to send syslog messages to Bro via Broccoli; deprecated.
Time Machine		High-performance packet bulk recorder with a Bro interface.
VAST		Visibility Across Space and Time (VAST) is a unified platform for network forensics and incident response.