Zeek Analysis Tools (ZAT): Processing and analysis of Zeek network data with Pandas, scikit-learn, Kafka and Spark
☆449Jan 16, 2024Updated 2 years ago
Alternatives and similar repositories for zat
Users that are interested in zat are comparing it to the libraries listed below
Sorting:
- Bro IDS + ELK Stack to detect and block data exfiltration☆46Oct 31, 2018Updated 7 years ago
- A package manager for Zeek☆47Jan 8, 2026Updated last month
- A completely automated anomaly detector Zeek network flows files (conn.log).☆82Aug 5, 2025Updated 7 months ago
- A set of Zeek scripts to detect ATT&CK techniques.☆621Jun 26, 2024Updated last year
- Bro IDS programs collection.☆146Oct 16, 2019Updated 6 years ago
- Bro/Zeek integration with osquery☆93Nov 2, 2020Updated 5 years ago
- Bro PCAP Processing and Tagging API☆28Nov 9, 2017Updated 8 years ago
- JoeSandbox-Bro is a simple bro script which extracts files from your internet connection and analyzes them automatically on Joe Sandbox☆44Jun 6, 2019Updated 6 years ago
- How to Zeek Sysmon Logs!☆103Feb 12, 2022Updated 4 years ago
- Extract files from network traffic with Zeek.☆102Mar 17, 2020Updated 5 years ago
- Plugin providing native AF_Packet support for Zeek.☆33Oct 22, 2025Updated 4 months ago
- ☆24Mar 29, 2020Updated 5 years ago
- The default package source of the Zeek Package Manager. Wrote a package? See the README for how to get it included.☆143Feb 27, 2026Updated last week
- Bro scripts written by CrowdStrike Services☆150May 3, 2021Updated 4 years ago
- Zeek support for Community ID flow hashing.☆36Jul 11, 2023Updated 2 years ago
- (OBSOLETE) Plugins for Bro☆53Sep 13, 2017Updated 8 years ago
- module for osquery to load Bro logs into tables☆28Apr 28, 2015Updated 10 years ago
- Real Intelligence Threat Analytics (RITA) is a framework for detecting command and control communication through network traffic analysis…☆2,515Jan 12, 2026Updated last month
- Add POST body excerpt to Bro's HTTP log☆14Dec 10, 2025Updated 2 months ago
- Flow-Indexer indexes flows found in chunked log files from bro,nfdump,syslog, or pcap files☆44May 9, 2024Updated last year
- Clearcut is a tool that uses machine learning to help you focus on the log entries that really need manual review☆196Oct 24, 2016Updated 9 years ago
- Dovehawk is a Zeek module that automatically imports MISP indicators and reports Sightings☆122Jul 12, 2021Updated 4 years ago
- A Bro package to identify connections that are bursting (lots of data and transferring quickly).☆13Oct 15, 2020Updated 5 years ago
- Various Bro scripts☆96Jul 8, 2016Updated 9 years ago
- Zeek IDS Dockerfile☆101Dec 5, 2022Updated 3 years ago
- An open source framework for enterprise level automated analysis.☆394Jun 27, 2022Updated 3 years ago
- Logging plugin to bro to send logs to a Kafka broker☆20Nov 29, 2017Updated 8 years ago
- ☆16Feb 13, 2020Updated 6 years ago
- Bro Intel Feed Linter☆26Aug 30, 2019Updated 6 years ago
- Apache Metron☆60Oct 8, 2020Updated 5 years ago
- brostash: Linux distribution based on Debian and focusing on network security events collection☆33Aug 30, 2020Updated 5 years ago
- A threat hunting / data analysis environment based on Python, Pandas, PySpark and Jupyter Notebook.☆252Jul 19, 2021Updated 4 years ago
- Zeek Log Cheatsheets☆303Aug 12, 2025Updated 6 months ago
- This project is no longer maintained. There's a successor at https://github.com/zeek/zeek-agent-v2☆124Nov 19, 2020Updated 5 years ago
- Plugin providing AF_XDP support for Bro.☆14May 10, 2021Updated 4 years ago
- scan-detection policies for bro☆16Jan 16, 2025Updated last year
- Real-time, container-based file scanning at enterprise scale☆977Updated this week
- A Python library to help with some common threat hunting data analysis operations☆142Apr 23, 2023Updated 2 years ago
- An analytical framework for network traffic and behavioral analytics☆456Dec 7, 2022Updated 3 years ago