Zeek (Bro)

LSE top 100LSE top 100Zeek (12)Zeek (12)

Tool and Usage

Project details

Programming language
Latest release
Latest release date

Project health

This score is calculated by different factors, like project age, last release date, etc.

Why this tool?

Zeek helps to perform security monitoring by looking into the network's activity. It can find suspicious data streams. Based on the data, it alert, react, and integrate with other tools.

Background information

Zeek began as a research project at the Lawrence Berkeley National Laboratory in 1995. One year later it was taken in production. The project was funded by National Science Foundation as of 2003. The International Computer Science Institute (ICSI) helps with the development, which itself is a non-profit research organization affiliated with the University of California at Berkeley. The project was called Bro before, until it was renamed to Zeek in 2018.

Usage and audience

Zeek is commonly used for security monitoring. Target users for this tool are security professionals and system administrators.

Tool review and remarks

The review and analysis of this project resulted in the following remarks for this security tool:


  • + More than 50 contributors
  • + More than 2000 GitHub stars
  • + The source code of this software is available
  • + Well-known tool


Supported operating systems

Zeek is known to work on FreeBSD, Linux, and macOS.

Zeek alternatives

Similar tools to Zeek:



Network threat detection engine that acts as intrusion detection (IDS), inline intrusion prevention (IPS), and network security monitoring (NSM)


Sweet Security

Sweet Security is a set of scripts to setup and install Bro IDS, Elasticsearch, Logstash, Kibana, and Critical Stack on any device.



Snort is a network intrusion detection system (NIDS) that runs on Linux and other platforms.

All Zeek alternatives

This tool page was updated at . Found an improvement? Help the community by submitting an update.

Related tool information


This tool is categorized as a network intrusion detection tool and network security monitoring tool.