Zeek is an open-source network analysis framework. Unlike an active security device such as a firewall, Zeek operates on a versatile ‘sensor’ that can be a hardware, software, virtual, or cloud platform. This flexibility allows Zeek to quietly monitor network traffic, interpret it, and generate transaction logs, file content, and customized output. These outputs are suitable for manual review on disk or in an analyst-friendly tool such as a SIEM, providing a comprehensive view of network …

The post Zeek: Open-source network traffic analysis, security monitoring appeared first on Help Net Security.
