Bro (Zeek) - Threat Hunting Tool:
A powerful framework for network traffic analysis and security monitoring.

Bro is a passive, open-source network traffic analyzer. It is primarily a security monitor that inspects all traffic on a link in depth for signs of suspicious activity. More generally, however, Bro supports a wide range of traffic analysis tasks even outside of the security domain, including performance measurements and helping with troubleshooting.

Note that "Zeek" is the new name of what used to be known as the "Bro" network security monitoring system.
Key Features
- In-depth Analysis: Zeek ships with analyzers for many protocols, enabling high-level semantic analysis at the application layer.
- Adaptable and Flexible: Zeek's domain-specific scripting language enables site-specific monitoring policies and means that it is not restricted to any particular detection approach.
- Efficient: Zeek targets high-performance networks and is used operationally at a variety of large sites.
- Highly Stateful: Zeek keeps extensive application-layer state about the network it monitors and provides a high-level archive of a network's activity.
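As an added example (not from the Zeek project or the original page), here is the kind of site-specific policy the scripting language makes possible: a script that raises a notice whenever a local host opens an outbound connection on a port the site has chosen to forbid. The module name and port list are constructed for illustration, and the script assumes Site::local_nets has been configured for the deployment.

```zeek
# Site policy (constructed example): notice on outbound connections to
# ports this site does not allow. Relies on Site::local_nets being set
# (e.g. via networks.cfg under zeekctl) so Site::is_local_addr works.
@load base/frameworks/notice

module SiteRules;

export {
    redef enum Notice::Type += {
        ## Raised when a local host connects outbound on a disallowed port.
        Disallowed_Outbound_Port,
    };

    ## Ports this site forbids outbound. Constructed list; redef per site.
    const disallowed_ports: set[port] = { 23/tcp, 445/tcp, 3389/tcp } &redef;
}

# connection_established fires once the TCP handshake completes, so only
# successful connections are reported, not mere attempts.
event connection_established(c: connection)
{
    local orig = c$id$orig_h;
    local resp = c$id$resp_h;
    local rport = c$id$resp_p;

    if ( Site::is_local_addr(orig) && ! Site::is_local_addr(resp)
         && rport in disallowed_ports )
    {
        # $identifier + $suppress_for collapse repeats of the same
        # orig/resp/port triple into a single notice per hour.
        NOTICE([$note=Disallowed_Outbound_Port,
                $msg=fmt("%s connected to %s on disallowed port %s",
                         orig, resp, rport),
                $conn=c,
                $identifier=cat(orig, resp, rport),
                $suppress_for=1hr]);
    }
}
```

Notices produced by this script appear in notice.log, keyed to the connection's uid so analysts can pivot into conn.log and the protocol logs for that session.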
https://www.zeek.org/download/index.html