Bro (Zeek) - Threat Hunting Tool
A powerful framework for network traffic analysis and security monitoring.
Bro is a passive, open-source network traffic analyzer. It is primarily a security monitor that inspects all traffic on a link in depth for signs of suspicious activity. More generally, however, Bro supports a wide range of traffic analysis tasks even outside of the security domain, including performance measurements and helping with trouble-shooting.
Note that "Zeek" is the new name of what used to be known as the "Bro" network security monitoring system.
Zeek ships with analyzers for many protocols, enabling high-level semantic
analysis at the application layer.
Adaptable and Flexible
Zeek's domain-specific scripting language enables site-specific monitoring
policies and means that it is not restricted to any particular detection
Zeek targets high-performance networks and is used operationally at a variety
of large sites.
Zeek keeps extensive application-layer state about the network it monitors
and provides a high-level archive of a network's activity.