Zeek

Inspect all network traffic for signs of suspicious activity

Request a DemoRead the Docs

App Info

Monitor Zeek logs to gain complete security visibility into network traffic with Panther’s Zeek integration.

Zeek (formerly Bro) is a network analysis tool for security monitoring. It converts raw network traffic into logs that summarize a broad range of network activity. Panther can collect, normalize, and monitor Zeek logs to help you identify suspicious activity in real time. Your normalized data is then retained to power future security investigations in a data lake powered by AWS or the cloud-native data platform, Snowflake.

Use Panther’s built in rules to monitor activity, or write your own detections in Python to fit your internal business use cases.

Use Cases

Common security use cases for Zeek with Panther include:

  • Monitor suspicious network traffic
  • Gain a deep understanding of your network activity and discover operational anomalies
  • Find security threats hiding in protocols like DNS

How it Works

The integration is simple and fast:

  • Link your existing S3/SQS queues to Panther as a data source
  • Panther parses, normalizes, and analyzes your log data in real-time
  • As rules are triggered, alerts are sent to your configured destinations
  • Normalized logs can be searched from Panther’s Data Explorer (Enterprise only)
  • Sit back and monitor your activity!

Learn more about Panther's supported logs schema for Zeek.