
Sunday, September 15, 2019

Threat Hunting Tool - Bro (Zeek) Network Security Monitor

Bro (Zeek) - Threat Hunting Tool:

A powerful framework for network traffic analysis and security monitoring. Bro is a passive, open-source network traffic analyzer. It is primarily a security monitor that inspects all traffic on a link in depth for signs of suspicious activity. More generally, however, Bro supports a wide range of traffic analysis tasks even outside the security domain, including performance measurement and troubleshooting.



Note that "Zeek" is the new name of what used to be known as the "Bro" network security monitoring system.


Key Features

  • In-depth Analysis: Zeek ships with analyzers for many protocols, enabling high-level semantic analysis at the application layer.
  • Adaptable and Flexible: Zeek's domain-specific scripting language enables site-specific monitoring policies and means that it is not restricted to any particular detection approach.
  • Efficient: Zeek targets high-performance networks and is used operationally at a variety of large sites.
  • Highly Stateful: Zeek keeps extensive application-layer state about the network it monitors and provides a high-level archive of a network's activity.

Download Link:
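The "high-level archive" mentioned above is what most threat hunters actually work with: Zeek's tab-separated logs (conn.log, dns.log, ssl.log and so on), each led by `#fields`/`#types` headers that describe the columns. The script below is an added example and is not code from the Zeek project or from this post. It parses a constructed conn.log snippet in Zeek's default TSV format and runs two simple hunts over it: a beaconing check (a host contacting the same destination at near-constant intervals) and a long-lived connection check. The thresholds (`min_conns`, `max_cv`, `min_duration`) and the sample IP addresses and uids are assumptions chosen for illustration.

```python
"""Parse a Zeek (Bro) conn.log and run two simple threat-hunting checks over it."""
import statistics
from collections import defaultdict

# Constructed sample conn.log in Zeek's default TSV layout (abbreviated field set).
# Host 10.0.0.5 contacts 203.0.113.7:443 about once a minute (beacon-like), makes a few
# irregular DNS queries, and 10.0.0.9 holds a two-hour SSH session. One record has an
# unset duration ("-") to exercise Zeek's unset-field convention.
SAMPLE_CONN_LOG = """#separator \\x09
#set_separator\t,
#empty_field\t(empty)
#unset_field\t-
#path\tconn
#open\t2019-09-15-10-00-00
#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto\tservice\tduration\torig_bytes\tresp_bytes\tconn_state
#types\ttime\tstring\taddr\tport\taddr\tport\tenum\tstring\tinterval\tcount\tcount\tstring
1568541600.000000\tCbcn01\t10.0.0.5\t49201\t203.0.113.7\t443\ttcp\tssl\t0.212\t412\t1024\tSF
1568541605.100000\tCdns01\t10.0.0.5\t51001\t10.0.0.1\t53\tudp\tdns\t0.010\t60\t120\tSF
1568541610.300000\tCdns02\t10.0.0.5\t51002\t10.0.0.1\t53\tudp\tdns\t0.012\t58\t130\tSF
1568541660.000000\tCbcn02\t10.0.0.5\t49202\t203.0.113.7\t443\ttcp\tssl\t0.198\t410\t1030\tSF
1568541645.000000\tCdns03\t10.0.0.5\t51003\t10.0.0.1\t53\tudp\tdns\t0.009\t61\t118\tSF
1568541646.200000\tCdns04\t10.0.0.5\t51004\t10.0.0.1\t53\tudp\tdns\t0.011\t59\t125\tSF
1568541719.800000\tCbcn03\t10.0.0.5\t49203\t203.0.113.7\t443\ttcp\tssl\t0.205\t415\t1019\tSF
1568541780.100000\tCbcn04\t10.0.0.5\t49204\t203.0.113.7\t443\ttcp\tssl\t0.220\t409\t1027\tSF
1568541840.200000\tCbcn05\t10.0.0.5\t49205\t203.0.113.7\t443\ttcp\tssl\t0.201\t413\t1022\tSF
1568541000.000000\tCssh01\t10.0.0.9\t40001\t198.51.100.4\t22\ttcp\tssh\t7200.5\t90210\t1500300\tSF
1568541700.000000\tCsyn01\t10.0.0.9\t40002\t198.51.100.9\t8080\ttcp\t-\t-\t-\t-\tS0
#close\t2019-09-15-11-00-00
"""


def _convert(zeek_type, value, unset, empty):
    """Map a raw column to a Python value using the #types header and Zeek's sentinels."""
    if value == unset:
        return None
    if value == empty:
        return ""
    if zeek_type in ("time", "interval", "double"):
        return float(value)
    if zeek_type in ("count", "int", "port"):
        return int(value)
    if zeek_type == "bool":
        return value == "T"
    return value  # string, addr, enum and the rest stay as text


def parse_zeek_log(text):
    """Parse a Zeek TSV log into a list of dicts keyed by the #fields names."""
    sep, unset, empty = "\t", "-", "(empty)"
    fields, types, records = [], [], []
    for line in text.splitlines():
        if not line:
            continue
        if line.startswith("#"):
            if line.startswith("#separator "):
                # Zeek writes the separator as an escape sequence, e.g. "\x09" for a tab.
                sep = line[len("#separator "):].encode("ascii").decode("unicode_escape")
                continue
            key, _, value = line[1:].partition(sep)
            if key == "fields":
                fields = value.split(sep)
            elif key == "types":
                types = value.split(sep)
            elif key == "unset_field":
                unset = value
            elif key == "empty_field":
                empty = value
            continue  # #path, #open, #close and others carry no records
        cols = line.split(sep)
        if len(cols) != len(fields):
            raise ValueError("column count %d does not match #fields (%d)" % (len(cols), len(fields)))
        col_types = types or ["string"] * len(fields)
        records.append({n: _convert(t, v, unset, empty) for n, t, v in zip(fields, col_types, cols)})
    return records


def find_beacons(records, min_conns=4, max_cv=0.1):
    """Flag (orig_h, resp_h, resp_p) tuples whose connection start times are evenly spaced.

    The coefficient of variation (stdev / mean) of the gaps is low for timer-driven
    callbacks and high for human-driven traffic. Thresholds are illustrative assumptions.
    """
    by_tuple = defaultdict(list)
    for r in records:
        if r["ts"] is not None:
            by_tuple[(r["id.orig_h"], r["id.resp_h"], r["id.resp_p"])].append(r["ts"])
    hits = []
    for (orig_h, resp_h, resp_p), ts_list in by_tuple.items():
        if len(ts_list) < min_conns:
            continue
        ts_list.sort()
        gaps = [b - a for a, b in zip(ts_list, ts_list[1:])]
        mean = statistics.fmean(gaps)
        cv = statistics.pstdev(gaps) / mean if mean > 0 else float("inf")
        if cv <= max_cv:
            hits.append({"orig_h": orig_h, "resp_h": resp_h, "resp_p": resp_p,
                         "count": len(ts_list), "mean_interval": round(mean, 2), "cv": round(cv, 4)})
    return hits


def find_long_connections(records, min_duration=3600.0):
    """Return connections that stayed open at least min_duration seconds (unset durations are skipped)."""
    return [r for r in records if r["duration"] is not None and r["duration"] >= min_duration]


if __name__ == "__main__":
    conns = parse_zeek_log(SAMPLE_CONN_LOG)
    for hit in find_beacons(conns):
        print("possible beacon:", hit)
    for r in find_long_connections(conns):
        print("long connection:", r["uid"], r["id.orig_h"], "->", r["id.resp_h"], r["duration"], "s")
```

On a real sensor you would point `parse_zeek_log` at the contents of `conn.log` from Zeek's log directory; the same parser works for any Zeek log because the column names and types are read from the headers rather than hard-coded.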

https://www.zeek.org/download/index.html