Zeek
Network security monitor producing rich logs (conn, DNS, HTTP, SSL, files) for analytics—not a classic IDS signature engine.
Why it is included
Foundation of many NSM pipelines feeding SIEMs and threat hunting.
Best for
Instrumenting east-west and north-south traffic for hunters and IR.
Strengths
- Zeek scripting
- Extensive logs
- Community packages
Limitations
- Storage and parser maintenance at scale
Good alternatives
Suricata (different emphasis) · Commercial NDR
Related tools (all in the Security & Privacy category)
- Suricata: High-performance IDS/IPS and network security monitoring with multi-threading, TLS inspection options, and Lua scripting.
- Wazuh: Open security platform combining SIEM, XDR, file integrity monitoring, and compliance checks across endpoints and cloud.
- Arkime: Large-scale full packet capture, indexing, and search (SPIE) with a web UI—successor to the Moloch lineage for NSM teams.
- Snort: Classic packet-sniffing IDS/IPS with rule language and community rule feeds; Snort 3 improves scaling.
- Security Onion: Linux distribution and platform bundling Zeek, Suricata, the Elastic stack, and analyst UIs for NSM and log hunting.
- Chainsaw: Rapidly search and hunt through Windows event logs (EVTX) using Sigma-like rules and built-in threat detections.
